dm integrity: change memcmp to strncmp in dm_integrity_ctr

If the string opt_string is small, the function memcmp can access bytes that are beyond the terminating nul character. In theory, it could cause segfault, if opt_string were located just below some unmapped memory. Change from memcmp to strncmp so that we don't read bytes beyond the end of the string. Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
author: Mikulas Patocka <mpatocka@redhat.com> 2019-03-13 07:56:02 -0400
committer: Mike Snitzer <snitzer@redhat.com> 2019-04-01 16:11:11 -0400
commit: 0d74e6a3b6421d98eeafbed26f29156d469bc0b5 (patch)
tree: 13b9ab66fe1553126777b6afb114612743b6778c
parent: 79a3aaa7b82e3106be97842dedfd8429248896e6 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index d57d997a52c8..33fac437569f 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -3185,7 +3185,7 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv)
                        journal_watermark = val;
                else if (sscanf(opt_string, "commit_time:%u%c", &val, &dummy) == 1)
                        sync_msec = val;
-                else if (!memcmp(opt_string, "meta_device:", strlen("meta_device:"))) {
+                else if (!strncmp(opt_string, "meta_device:", strlen("meta_device:"))) {
                        if (ic->meta_dev) {
                                dm_put_device(ti, ic->meta_dev);
                                ic->meta_dev = NULL;
@@ -3204,17 +3204,17 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv)
                                goto bad;
                        }
                        ic->sectors_per_block = val >> SECTOR_SHIFT;
-                } else if (!memcmp(opt_string, "internal_hash:", strlen("internal_hash:"))) {
+                } else if (!strncmp(opt_string, "internal_hash:", strlen("internal_hash:"))) {
                        r = get_alg_and_key(opt_string, &ic->internal_hash_alg, &ti->error,
                                            "Invalid internal_hash argument");
                        if (r)
                                goto bad;
-                } else if (!memcmp(opt_string, "journal_crypt:", strlen("journal_crypt:"))) {
+                } else if (!strncmp(opt_string, "journal_crypt:", strlen("journal_crypt:"))) {
                        r = get_alg_and_key(opt_string, &ic->journal_crypt_alg, &ti->error,
                                            "Invalid journal_crypt argument");
                        if (r)
                                goto bad;
-                } else if (!memcmp(opt_string, "journal_mac:", strlen("journal_mac:"))) {
+                } else if (!strncmp(opt_string, "journal_mac:", strlen("journal_mac:"))) {
                        r = get_alg_and_key(opt_string, &ic->journal_mac_alg,  &ti->error,
                                            "Invalid journal_mac argument");
                        if (r)
author	Mikulas Patocka <mpatocka@redhat.com>	2019-03-13 07:56:02 -0400
committer	Mike Snitzer <snitzer@redhat.com>	2019-04-01 16:11:11 -0400
commit	0d74e6a3b6421d98eeafbed26f29156d469bc0b5 (patch)
tree	13b9ab66fe1553126777b6afb114612743b6778c
parent	79a3aaa7b82e3106be97842dedfd8429248896e6 (diff)

diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c index d57d997a52c8..33fac437569f 100644 --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c
@@ -3185,7 +3185,7 @@ static int dm_integrity_ctr(struct dm_target ti, unsigned argc, char *argv)
3185	journal_watermark = val;	3185	journal_watermark = val;
3186	else if (sscanf(opt_string, "commit_time:%u%c", &val, &dummy) == 1)	3186	else if (sscanf(opt_string, "commit_time:%u%c", &val, &dummy) == 1)
3187	sync_msec = val;	3187	sync_msec = val;
3188	else if (!memcmp(opt_string, "meta_device:", strlen("meta_device:"))) {	3188	else if (!strncmp(opt_string, "meta_device:", strlen("meta_device:"))) {
3189	if (ic->meta_dev) {	3189	if (ic->meta_dev) {
3190	dm_put_device(ti, ic->meta_dev);	3190	dm_put_device(ti, ic->meta_dev);
3191	ic->meta_dev = NULL;	3191	ic->meta_dev = NULL;
@@ -3204,17 +3204,17 @@ static int dm_integrity_ctr(struct dm_target ti, unsigned argc, char *argv)
3204	goto bad;	3204	goto bad;
3205	}	3205	}
3206	ic->sectors_per_block = val >> SECTOR_SHIFT;	3206	ic->sectors_per_block = val >> SECTOR_SHIFT;
3207	} else if (!memcmp(opt_string, "internal_hash:", strlen("internal_hash:"))) {	3207	} else if (!strncmp(opt_string, "internal_hash:", strlen("internal_hash:"))) {
3208	r = get_alg_and_key(opt_string, &ic->internal_hash_alg, &ti->error,	3208	r = get_alg_and_key(opt_string, &ic->internal_hash_alg, &ti->error,
3209	"Invalid internal_hash argument");	3209	"Invalid internal_hash argument");
3210	if (r)	3210	if (r)
3211	goto bad;	3211	goto bad;
3212	} else if (!memcmp(opt_string, "journal_crypt:", strlen("journal_crypt:"))) {	3212	} else if (!strncmp(opt_string, "journal_crypt:", strlen("journal_crypt:"))) {
3213	r = get_alg_and_key(opt_string, &ic->journal_crypt_alg, &ti->error,	3213	r = get_alg_and_key(opt_string, &ic->journal_crypt_alg, &ti->error,
3214	"Invalid journal_crypt argument");	3214	"Invalid journal_crypt argument");
3215	if (r)	3215	if (r)
3216	goto bad;	3216	goto bad;
3217	} else if (!memcmp(opt_string, "journal_mac:", strlen("journal_mac:"))) {	3217	} else if (!strncmp(opt_string, "journal_mac:", strlen("journal_mac:"))) {
3218	r = get_alg_and_key(opt_string, &ic->journal_mac_alg, &ti->error,	3218	r = get_alg_and_key(opt_string, &ic->journal_mac_alg, &ti->error,
3219	"Invalid journal_mac argument");	3219	"Invalid journal_mac argument");
3220	if (r)	3220	if (r)