From: Anders Larsen
To: Tong Zhang
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1] qnx4_match: do not over run the buffer
Date: Sat, 21 Nov 2020 22:40:17 +0100
Message-ID: <2474566.rpppqFFLNx@alarsen.net>
In-Reply-To: <20201120212120.2502522-1-ztong0001@gmail.com>
References: <20201120212120.2502522-1-ztong0001@gmail.com>

On Friday, 2020-11-20 22:21 Tong Zhang wrote:
> the di_fname may not terminated by '\0', use strnlen to prevent buffer
> overrun
>
> ---
> fs/qnx4/namei.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/qnx4/namei.c b/fs/qnx4/namei.c
> index 8d72221735d7..c0e79094f578 100644
> --- a/fs/qnx4/namei.c
> +++ b/fs/qnx4/namei.c
> @@ -40,7 +40,7 @@ static int qnx4_match(int len, const char *name,
> } else {
> namelen = QNX4_SHORT_NAME_MAX;
> }
> - thislen = strlen( de->di_fname );
> + thislen = strnlen( de->di_fname, QNX4_SHORT_NAME_MAX );

that should be
+ thislen = strnlen( de->di_fname, namelen );
otherwise the length of a filename would always be limited to
QNX4_SHORT_NAME_MAX (16) characters.

> if ( thislen > namelen )
> thislen = namelen;

These two lines can be dropped now, as the result of strnlen() cannot exceed
namelen anyway.

Cheers
Anders
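
Review bot: In the qnx4_match hunk, the added strnlen() call is bounded by the constant QNX4_SHORT_NAME_MAX even though namelen has just been chosen per branch in the context lines above it, so when the else branch is not taken the scan still stops at the short-name limit rather than at the limit selected there. Bound the call with namelen instead; the trailing `if ( thislen > namelen ) thislen = namelen;` clamp then becomes redundant and can be removed in the same patch. The message also carries no Signed-off-by line before the `---` separator, and it would help if it said in which case di_fname lacks a terminating '\0'.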