LinuxLists.cc - [PATCH] SUNRPC: stop printk reading past end of string

2020-09-05 14:04:50

Subject: [PATCH] SUNRPC: stop printk reading past end of string

From: "J. Bruce Fields" <[email protected]>

Since p points at raw xdr data, there's no guarantee that it's NULL
terminated, so we should give a length. And probably escape any special
characters too.

Reported-by: Zhi Li <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
---
net/sunrpc/rpcb_clnt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index c27123e6ba80..4a67685c83eb 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -982,8 +982,8 @@ static int rpcb_dec_getaddr(struct rpc_rqst *req, struct xdr_stream *xdr,
p = xdr_inline_decode(xdr, len);
if (unlikely(p == NULL))
goto out_fail;
- dprintk("RPC: %5u RPCB_%s reply: %s\n", req->rq_task->tk_pid,
- req->rq_task->tk_msg.rpc_proc->p_name, (char *)p);
+ dprintk("RPC: %5u RPCB_%s reply: %*pE\n", req->rq_task->tk_pid,
+ req->rq_task->tk_msg.rpc_proc->p_name, len, (char *)p);

if (rpc_uaddr2sockaddr(req->rq_xprt->xprt_net, (char *)p, len,
sap, sizeof(address)) == 0)
--
2.26.2

2020-09-05 16:55:52

by Chuck Lever III

[permalink] [raw]

Subject: Re: [PATCH] SUNRPC: stop printk reading past end of string

> On Sep 5, 2020, at 10:03 AM, [email protected] wrote:
>
> From: "J. Bruce Fields" <[email protected]>
>
> Since p points at raw xdr data, there's no guarantee that it's NULL
> terminated, so we should give a length. And probably escape any special
> characters too.
>
> Reported-by: Zhi Li <[email protected]>
> Signed-off-by: J. Bruce Fields <[email protected]>

I sent a patch a couple months ago to remove this dprintk:

https://lore.kernel.org/linux-nfs/[email protected]/T/#u

However you might want to apply Bruce's patch first, so it can
be backported to stable.

> ---
> net/sunrpc/rpcb_clnt.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
> index c27123e6ba80..4a67685c83eb 100644
> --- a/net/sunrpc/rpcb_clnt.c
> +++ b/net/sunrpc/rpcb_clnt.c
> @@ -982,8 +982,8 @@ static int rpcb_dec_getaddr(struct rpc_rqst *req, struct xdr_stream *xdr,
> p = xdr_inline_decode(xdr, len);
> if (unlikely(p == NULL))
> goto out_fail;
> - dprintk("RPC: %5u RPCB_%s reply: %s\n", req->rq_task->tk_pid,
> - req->rq_task->tk_msg.rpc_proc->p_name, (char *)p);
> + dprintk("RPC: %5u RPCB_%s reply: %*pE\n", req->rq_task->tk_pid,
> + req->rq_task->tk_msg.rpc_proc->p_name, len, (char *)p);
>
> if (rpc_uaddr2sockaddr(req->rq_xprt->xprt_net, (char *)p, len,
> sap, sizeof(address)) == 0)
> --
> 2.26.2
>

--
Chuck Lever