[PATCH] orangefs: strncpy -> strscpy

From: Martin Brandenburg
Date: Fri Apr 08 2016 - 13:34:12 EST

Next message: Doug Anderson: "Re: [PATCH v2 1/2] dma/iommu: Add pgsize_bitmap confirmation in __iommu_dma_alloc_pages"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH 1/4] perf trace: Improve error message when receive non-tracepoint events"
In reply to: martin: "Re: [PATCH 2/3] orangefs: strncpy -> strlcpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It would have been possible for a rogue client-core to send in a symlink
target which is not NUL terminated. This returns EIO if the client-core
gives us corrupt data.

Leave debugfs and superblock code as is for now.

Other dcache.c and namei.c strncpy instances are safe because
ORANGEFS_NAME_MAX = NAME_MAX + 1; there is always enough space for a
name plus a NUL byte.

Signed-off-by: Martin Brandenburg <martin@xxxxxxxxxxxx>
---
fs/orangefs/orangefs-utils.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/orangefs/orangefs-utils.c b/fs/orangefs/orangefs-utils.c
index 40f5163..f392a6a 100644
--- a/fs/orangefs/orangefs-utils.c
+++ b/fs/orangefs/orangefs-utils.c
@@ -315,9 +315,13 @@ int orangefs_inode_getattr(struct inode *inode, int new, int size)
inode->i_size = (loff_t)strlen(new_op->
downcall.resp.getattr.link_target);
orangefs_inode->blksize = (1 << inode->i_blkbits);
- strlcpy(orangefs_inode->link_target,
+ ret = strscpy(orangefs_inode->link_target,
new_op->downcall.resp.getattr.link_target,
ORANGEFS_NAME_MAX);
+ if (ret == -E2BIG) {
+ ret = -EIO;
+ goto out;
+ }
inode->i_link = orangefs_inode->link_target;
}
break;
--
1.8.3.1

Next message: Doug Anderson: "Re: [PATCH v2 1/2] dma/iommu: Add pgsize_bitmap confirmation in __iommu_dma_alloc_pages"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH 1/4] perf trace: Improve error message when receive non-tracepoint events"
In reply to: martin: "Re: [PATCH 2/3] orangefs: strncpy -> strlcpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]