From: Martin Brandenburg
To: andy.shevchenko@gmail.com, hubcap@omnibond.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: Martin Brandenburg
Subject: [PATCH] orangefs: strncpy -> strscpy
Date: Fri, 8 Apr 2016 13:33:21 -0400
Message-Id: <1460136801-32480-1-git-send-email-martin@omnibond.com>

It would have been possible for a rogue client-core to send in a symlink
target which is not NUL terminated. This returns EIO if the client-core
gives us corrupt data.

Leave debugfs and superblock code as is for now. Other dcache.c and
namei.c strncpy instances are safe because ORANGEFS_NAME_MAX = NAME_MAX
+ 1; there is always enough space for a name plus a NUL byte.

Signed-off-by: Martin Brandenburg
---
 fs/orangefs/orangefs-utils.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/orangefs/orangefs-utils.c b/fs/orangefs/orangefs-utils.c index 40f5163..f392a6a 100644 --- a/fs/orangefs/orangefs-utils.c +++ b/fs/orangefs/orangefs-utils.c
@@ -315,9 +315,13 @@ int orangefs_inode_getattr(struct inode *inode, int new, int size) inode->i_size = (loff_t)strlen(new_op-> downcall.resp.getattr.link_target); orangefs_inode->blksize = (1 << inode->i_blkbits); - strlcpy(orangefs_inode->link_target, + ret = strscpy(orangefs_inode->link_target, new_op->downcall.resp.getattr.link_target, ORANGEFS_NAME_MAX); + if (ret == -E2BIG) { + ret = -EIO; + goto out; + } inode->i_link = orangefs_inode->link_target; } break; -- 1.8.3.1
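
Review bot: In the context lines just above the changed call, `inode->i_size = (loff_t)strlen(new_op->downcall.resp.getattr.link_target);` still runs an unbounded strlen() on the same client-core field before the new strscpy() check, so the unterminated target described in the commit message is read past the end of the field before -EIO can be returned. Consider doing the bounded copy first and deriving i_size from its return value (or from strnlen() capped at ORANGEFS_NAME_MAX), so that i_size and blksize are only updated once the target is known to be terminated. On success strscpy() returns the number of characters copied, so ret is left positive after this block; if nothing later in orangefs_inode_getattr() resets it, a successful symlink getattr would return a non-zero value. The subject line says strncpy -> strscpy, but the call being replaced here is strlcpy().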