diff options
author | Martin Brandenburg <martin@omnibond.com> | 2016-04-08 13:33:21 -0400 |
---|---|---|
committer | Mike Marshall <hubcap@omnibond.com> | 2016-04-08 14:10:34 -0400 |
commit | 2eacea74cc465edc23ce5a4dd5c2213008ac3a05 (patch) | |
tree | 6c937fb77a9ccae02a99c9c3fb80db83040d577a | |
parent | f83140c1467e22ba9ee9389bc4e6c3e117f2296e (diff) |
orangefs: strncpy -> strscpy
It would have been possible for a rogue client-core to send in a symlink
target which is not NUL terminated. This returns EIO if the client-core
gives us corrupt data.
Leave debugfs and superblock code as is for now.
Other dcache.c and namei.c strncpy instances are safe because
ORANGEFS_NAME_MAX = NAME_MAX + 1; there is always enough space for a
name plus a NUL byte.
Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
-rw-r--r-- | fs/orangefs/orangefs-utils.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/orangefs/orangefs-utils.c b/fs/orangefs/orangefs-utils.c index 40f5163b56aa..f392a6a362b4 100644 --- a/fs/orangefs/orangefs-utils.c +++ b/fs/orangefs/orangefs-utils.c @@ -315,9 +315,13 @@ int orangefs_inode_getattr(struct inode *inode, int new, int size) inode->i_size = (loff_t)strlen(new_op-> downcall.resp.getattr.link_target); orangefs_inode->blksize = (1 << inode->i_blkbits); - strlcpy(orangefs_inode->link_target, + ret = strscpy(orangefs_inode->link_target, new_op->downcall.resp.getattr.link_target, ORANGEFS_NAME_MAX); + if (ret == -E2BIG) { + ret = -EIO; + goto out; + } inode->i_link = orangefs_inode->link_target; } break; |