strrchr() can return NULL if nothing is found. If this happens we'll
dereference a NULL pointer in
fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds().
I tried to find some other code that guarantees that this can never
happen but I was unsuccessful. So, unless someone else can point to some
code that ensures this can never be a problem, I believe this patch is
needed.
While I was changing this code I also noticed that all the dprintk()
statements, except one, start with "%s:". The one missing the ":" I added
it to.
Signed-off-by: Jesper Juhl <[email protected]>
---
nfs4filelayoutdev.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
only compile tested.
diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
index 51fe64a..5a85b8f 100644
--- a/fs/nfs/nfs4filelayoutdev.c
+++ b/fs/nfs/nfs4filelayoutdev.c
@@ -214,7 +214,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
/* ipv6 length plus port is legal */
if (rlen > INET6_ADDRSTRLEN + 8) {
- dprintk("%s Invalid address, length %d\n", __func__,
+ dprintk("%s: Invalid address, length %d\n", __func__,
rlen);
goto out_err;
}
@@ -225,6 +225,11 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
/* replace the port dots with dashes for the in4_pton() delimiter*/
for (i = 0; i < 2; i++) {
char *res = strrchr(buf, '.');
+ if (!res) {
+ dprintk("%s: Failed finding expected dots in port\n",
+ __func__);
+ goto out_free;
+ }
*res = '-';
}
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
On Sun, Jan 16, 2011 at 3:50 PM, Jesper Juhl <[email protected]> wrote:
> strrchr() can return NULL if nothing is found. If this happens we'll
> dereference a NULL pointer in
> fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds().
>
> I tried to find some other code that guarantees that this can never
> happen but I was unsuccessful. So, unless someone else can point to some
> code that ensures this can never be a problem, I believe this patch is
> needed.
>
The only guarantee is the assumption that the server isn't sending
garbage. As such, this patch looks good to me.
Fred
> While I was changing this code I also noticed that all the dprintk()
> statements, except one, start with "%s:". The one missing the ":" I added
> it to.
>
> Signed-off-by: Jesper Juhl <[email protected]>
> ---
> ?nfs4filelayoutdev.c | ? ?7 ++++++-
> ?1 file changed, 6 insertions(+), 1 deletion(-)
>
> ?only compile tested.
>
> diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
> index 51fe64a..5a85b8f 100644
> --- a/fs/nfs/nfs4filelayoutdev.c
> +++ b/fs/nfs/nfs4filelayoutdev.c
> @@ -214,7 +214,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
>
> ? ? ? ?/* ipv6 length plus port is legal */
> ? ? ? ?if (rlen > INET6_ADDRSTRLEN + 8) {
> - ? ? ? ? ? ? ? dprintk("%s Invalid address, length %d\n", __func__,
> + ? ? ? ? ? ? ? dprintk("%s: Invalid address, length %d\n", __func__,
> ? ? ? ? ? ? ? ? ? ? ? ?rlen);
> ? ? ? ? ? ? ? ?goto out_err;
> ? ? ? ?}
> @@ -225,6 +225,11 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
> ? ? ? ?/* replace the port dots with dashes for the in4_pton() delimiter*/
> ? ? ? ?for (i = 0; i < 2; i++) {
> ? ? ? ? ? ? ? ?char *res = strrchr(buf, '.');
> + ? ? ? ? ? ? ? if (!res) {
> + ? ? ? ? ? ? ? ? ? ? ? dprintk("%s: Failed finding expected dots in port\n",
> + ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? __func__);
> + ? ? ? ? ? ? ? ? ? ? ? goto out_free;
> + ? ? ? ? ? ? ? }
> ? ? ? ? ? ? ? ?*res = '-';
> ? ? ? ?}
>
>
> --
> Jesper Juhl <[email protected]> ? ? ? ? ? ?http://www.chaosbits.net/
> Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
> Plain text mails only, please.
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to [email protected]
> More majordomo info at ?http://vger.kernel.org/majordomo-info.html
>
On Mon, 17 Jan 2011, Mi Jinlong wrote:
>
>
> Jesper Juhl:
> > strrchr() can return NULL if nothing is found. If this happens we'll
> > dereference a NULL pointer in
> > fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds().
> >
> > I tried to find some other code that guarantees that this can never
> > happen but I was unsuccessful. So, unless someone else can point to some
> > code that ensures this can never be a problem, I believe this patch is
> > needed.
> >
> > While I was changing this code I also noticed that all the dprintk()
> > statements, except one, start with "%s:". The one missing the ":" I added
> > it to.
>
> Maybe another one also should be changed at decode_and_add_ds() at line 243:
>
> 243 printk("%s Decoded address and port %s\n", __func__, buf);
>
Missed that one. Thanks.
Signed-off-by: Jesper Juhl <[email protected]>
---
nfs4filelayoutdev.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
index 51fe64a..f5c9b12 100644
--- a/fs/nfs/nfs4filelayoutdev.c
+++ b/fs/nfs/nfs4filelayoutdev.c
@@ -214,7 +214,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
/* ipv6 length plus port is legal */
if (rlen > INET6_ADDRSTRLEN + 8) {
- dprintk("%s Invalid address, length %d\n", __func__,
+ dprintk("%s: Invalid address, length %d\n", __func__,
rlen);
goto out_err;
}
@@ -225,6 +225,11 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
/* replace the port dots with dashes for the in4_pton() delimiter*/
for (i = 0; i < 2; i++) {
char *res = strrchr(buf, '.');
+ if (!res) {
+ dprintk("%s: Failed finding expected dots in port\n",
+ __func__);
+ goto out_free;
+ }
*res = '-';
}
@@ -240,7 +245,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
port = htons((tmp[0] << 8) | (tmp[1]));
ds = nfs4_pnfs_ds_add(inode, ip_addr, port);
- dprintk("%s Decoded address and port %s\n", __func__, buf);
+ dprintk("%s: Decoded address and port %s\n", __func__, buf);
out_free:
kfree(buf);
out_err:
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
Jesper Juhl:
> strrchr() can return NULL if nothing is found. If this happens we'll
> dereference a NULL pointer in
> fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds().
>
> I tried to find some other code that guarantees that this can never
> happen but I was unsuccessful. So, unless someone else can point to some
> code that ensures this can never be a problem, I believe this patch is
> needed.
>
> While I was changing this code I also noticed that all the dprintk()
> statements, except one, start with "%s:". The one missing the ":" I added
> it to.
Maybe another one also should be changed at decode_and_add_ds() at line 243:
243 printk("%s Decoded address and port %s\n", __func__, buf);
--
----
thanks
Mi Jinlong
>
> Signed-off-by: Jesper Juhl <[email protected]>
> ---
> nfs4filelayoutdev.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> only compile tested.
>
> diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
> index 51fe64a..5a85b8f 100644
> --- a/fs/nfs/nfs4filelayoutdev.c
> +++ b/fs/nfs/nfs4filelayoutdev.c
> @@ -214,7 +214,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
>
> /* ipv6 length plus port is legal */
> if (rlen > INET6_ADDRSTRLEN + 8) {
> - dprintk("%s Invalid address, length %d\n", __func__,
> + dprintk("%s: Invalid address, length %d\n", __func__,
> rlen);
> goto out_err;
> }
> @@ -225,6 +225,11 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
> /* replace the port dots with dashes for the in4_pton() delimiter*/
> for (i = 0; i < 2; i++) {
> char *res = strrchr(buf, '.');
> + if (!res) {
> + dprintk("%s: Failed finding expected dots in port\n",
> + __func__);
> + goto out_free;
> + }
> *res = '-';
> }
>
>
On Mon, 17 Jan 2011, Fred Isaman wrote:
> On Sun, Jan 16, 2011 at 3:50 PM, Jesper Juhl <[email protected]> wrote:
> > strrchr() can return NULL if nothing is found. If this happens we'll
> > dereference a NULL pointer in
> > fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds().
> >
> > I tried to find some other code that guarantees that this can never
> > happen but I was unsuccessful. So, unless someone else can point to some
> > code that ensures this can never be a problem, I believe this patch is
> > needed.
> >
>
> The only guarantee is the assumption that the server isn't sending
> garbage. As such, this patch looks good to me.
>
Thanks. Can I add your Acked-by: if/when I resend the patch?
--
Jesper Juhl <[email protected]> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
On Mon, Jan 17, 2011 at 1:42 PM, Jesper Juhl <[email protected]> wrote:
> On Mon, 17 Jan 2011, Fred Isaman wrote:
>
>> On Sun, Jan 16, 2011 at 3:50 PM, Jesper Juhl <[email protected]> wrot=
e:
>> > strrchr() can return NULL if nothing is found. If this happens we'=
ll
>> > dereference a NULL pointer in
>> > fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds().
>> >
>> > I tried to find some other code that guarantees that this can neve=
r
>> > happen but I was unsuccessful. So, unless someone else can point t=
o some
>> > code that ensures this can never be a problem, I believe this patc=
h is
>> > needed.
>> >
>>
>> The only guarantee is the assumption that the server isn't sending
>> garbage. =A0As such, this patch looks good to me.
>>
>
> Thanks. Can I add your Acked-by: if/when I resend the patch?
>
Yes.
=46red
> --
> Jesper Juhl <[email protected]> =A0 =A0 =A0 =A0 =A0 =A0http://www.chao=
sbits.net/
> Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
> Plain text mails only, please.
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" =
in
> the body of a message to [email protected]
> More majordomo info at =A0http://vger.kernel.org/majordomo-info.html
>
On Jan 17, 2011, at 1:41 PM, Jesper Juhl wrote:
> On Mon, 17 Jan 2011, Mi Jinlong wrote:
>
>>
>>
>> Jesper Juhl:
>>> strrchr() can return NULL if nothing is found. If this happens we'll
>>> dereference a NULL pointer in
>>> fs/nfs/nfs4filelayoutdev.c::decode_and_add_ds().
Yes - good catch.
-->Andy
>>>
>>> I tried to find some other code that guarantees that this can never
>>> happen but I was unsuccessful. So, unless someone else can point to some
>>> code that ensures this can never be a problem, I believe this patch is
>>> needed.
>>>
>>> While I was changing this code I also noticed that all the dprintk()
>>> statements, except one, start with "%s:". The one missing the ":" I added
>>> it to.
>>
>> Maybe another one also should be changed at decode_and_add_ds() at line 243:
>>
>> 243 printk("%s Decoded address and port %s\n", __func__, buf);
>>
> Missed that one. Thanks.
>
> Signed-off-by: Jesper Juhl <[email protected]>
> ---
> nfs4filelayoutdev.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfs/nfs4filelayoutdev.c b/fs/nfs/nfs4filelayoutdev.c
> index 51fe64a..f5c9b12 100644
> --- a/fs/nfs/nfs4filelayoutdev.c
> +++ b/fs/nfs/nfs4filelayoutdev.c
> @@ -214,7 +214,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
>
> /* ipv6 length plus port is legal */
> if (rlen > INET6_ADDRSTRLEN + 8) {
> - dprintk("%s Invalid address, length %d\n", __func__,
> + dprintk("%s: Invalid address, length %d\n", __func__,
> rlen);
> goto out_err;
> }
> @@ -225,6 +225,11 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
> /* replace the port dots with dashes for the in4_pton() delimiter*/
> for (i = 0; i < 2; i++) {
> char *res = strrchr(buf, '.');
> + if (!res) {
> + dprintk("%s: Failed finding expected dots in port\n",
> + __func__);
> + goto out_free;
> + }
> *res = '-';
> }
>
> @@ -240,7 +245,7 @@ decode_and_add_ds(__be32 **pp, struct inode *inode)
> port = htons((tmp[0] << 8) | (tmp[1]));
>
> ds = nfs4_pnfs_ds_add(inode, ip_addr, port);
> - dprintk("%s Decoded address and port %s\n", __func__, buf);
> + dprintk("%s: Decoded address and port %s\n", __func__, buf);
> out_free:
> kfree(buf);
> out_err:
>
>
> --
> Jesper Juhl <[email protected]> http://www.chaosbits.net/
> Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
> Plain text mails only, please.
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html