diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-03-10 20:33:17 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-03-10 20:33:17 -0400 |
commit | ef95d31e6de6be9602ce950b85fb7ab8af46ae42 (patch) | |
tree | aeb7d7a9893374a0c8975a5d060f07ab05283319 /fs/nfs | |
parent | eb9b55ab4d73280597fd183b367d50452f4d7846 (diff) |
NFS: Fix misparsing of nfsv4 fs_locations attribute (take 2)
The changeset ea31a4437c59219bf3ea946d58984b01a45a289c (nfs: Fix
misparsing of nfsv4 fs_locations attribute) causes the mountpath that is
calculated at the beginning of try_location() to be clobbered when we
later strncpy a non-nul terminated hostname using an incorrect buffer
length.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs')
-rw-r--r-- | fs/nfs/nfs4namespace.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c index 30befc39b3c6..2a2a0a7143ad 100644 --- a/fs/nfs/nfs4namespace.c +++ b/fs/nfs/nfs4namespace.c | |||
@@ -21,7 +21,9 @@ | |||
21 | #define NFSDBG_FACILITY NFSDBG_VFS | 21 | #define NFSDBG_FACILITY NFSDBG_VFS |
22 | 22 | ||
23 | /* | 23 | /* |
24 | * Check if fs_root is valid | 24 | * Convert the NFSv4 pathname components into a standard posix path. |
25 | * | ||
26 | * Note that the resulting string will be placed at the end of the buffer | ||
25 | */ | 27 | */ |
26 | static inline char *nfs4_pathname_string(const struct nfs4_pathname *pathname, | 28 | static inline char *nfs4_pathname_string(const struct nfs4_pathname *pathname, |
27 | char *buffer, ssize_t buflen) | 29 | char *buffer, ssize_t buflen) |
@@ -99,21 +101,20 @@ static struct vfsmount *try_location(struct nfs_clone_mount *mountdata, | |||
99 | { | 101 | { |
100 | struct vfsmount *mnt = ERR_PTR(-ENOENT); | 102 | struct vfsmount *mnt = ERR_PTR(-ENOENT); |
101 | char *mnt_path; | 103 | char *mnt_path; |
102 | int page2len; | 104 | unsigned int maxbuflen; |
103 | unsigned int s; | 105 | unsigned int s; |
104 | 106 | ||
105 | mnt_path = nfs4_pathname_string(&location->rootpath, page2, PAGE_SIZE); | 107 | mnt_path = nfs4_pathname_string(&location->rootpath, page2, PAGE_SIZE); |
106 | if (IS_ERR(mnt_path)) | 108 | if (IS_ERR(mnt_path)) |
107 | return mnt; | 109 | return mnt; |
108 | mountdata->mnt_path = mnt_path; | 110 | mountdata->mnt_path = mnt_path; |
109 | page2 += strlen(mnt_path) + 1; | 111 | maxbuflen = mnt_path - 1 - page2; |
110 | page2len = PAGE_SIZE - strlen(mnt_path) - 1; | ||
111 | 112 | ||
112 | for (s = 0; s < location->nservers; s++) { | 113 | for (s = 0; s < location->nservers; s++) { |
113 | const struct nfs4_string *buf = &location->servers[s]; | 114 | const struct nfs4_string *buf = &location->servers[s]; |
114 | struct sockaddr_storage addr; | 115 | struct sockaddr_storage addr; |
115 | 116 | ||
116 | if (buf->len <= 0 || buf->len >= PAGE_SIZE) | 117 | if (buf->len <= 0 || buf->len >= maxbuflen) |
117 | continue; | 118 | continue; |
118 | 119 | ||
119 | mountdata->addr = (struct sockaddr *)&addr; | 120 | mountdata->addr = (struct sockaddr *)&addr; |
@@ -126,8 +127,8 @@ static struct vfsmount *try_location(struct nfs_clone_mount *mountdata, | |||
126 | continue; | 127 | continue; |
127 | nfs_set_port(mountdata->addr, NFS_PORT); | 128 | nfs_set_port(mountdata->addr, NFS_PORT); |
128 | 129 | ||
129 | strncpy(page2, buf->data, page2len); | 130 | memcpy(page2, buf->data, buf->len); |
130 | page2[page2len] = '\0'; | 131 | page2[buf->len] = '\0'; |
131 | mountdata->hostname = page2; | 132 | mountdata->hostname = page2; |
132 | 133 | ||
133 | snprintf(page, PAGE_SIZE, "%s:%s", | 134 | snprintf(page, PAGE_SIZE, "%s:%s", |