Re: [PATCH] CIFS: Fix a potencially linear read overflow

From: Paulo Alcantara
Date: Tue Aug 17 2021 - 20:29:04 EST

Next message: Tony Luck: "[PATCH v2 3/3] x86/mce: Drop copyin special case for #MC"
Previous message: Daeho Jeong: "[PATCH v3] f2fs: introduce periodic iostat io latency traces"
In reply to: Len Baker: "[PATCH] CIFS: Fix a potencially linear read overflow"
Next in thread: Steve French: "Re: [PATCH] CIFS: Fix a potencially linear read overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Len Baker <len.baker@xxxxxxx> writes:

> strlcpy() reads the entire source buffer first. This read may exceed the
> destination size limit. This is both inefficient and can lead to linear
> read overflows if a source string is not NUL-terminated.
>
> Also, the strnlen() call does not avoid the read overflow in the strlcpy
> function when a not NUL-terminated string is passed.
>
> So, replace this block by a call to kstrndup() that avoids this type of
> overflow and does the same.
>
> Fixes: 066ce6899484d ("cifs: rename cifs_strlcpy_to_host and make it use new functions")
> Signed-off-by: Len Baker <len.baker@xxxxxxx>
> ---
> fs/cifs/cifs_unicode.c | 9 ++-------
> 1 file changed, 2 insertions(+), 7 deletions(-)

Reviewed-by: Paulo Alcantara (SUSE) <pc@xxxxxx>

Next message: Tony Luck: "[PATCH v2 3/3] x86/mce: Drop copyin special case for #MC"
Previous message: Daeho Jeong: "[PATCH v3] f2fs: introduce periodic iostat io latency traces"
In reply to: Len Baker: "[PATCH] CIFS: Fix a potencially linear read overflow"
Next in thread: Steve French: "Re: [PATCH] CIFS: Fix a potencially linear read overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]