diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-03-10 20:33:17 -0400 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2009-03-10 20:33:17 -0400 |
| commit | ef95d31e6de6be9602ce950b85fb7ab8af46ae42 (patch) | |
| tree | aeb7d7a9893374a0c8975a5d060f07ab05283319 /fs/nfs | |
| parent | eb9b55ab4d73280597fd183b367d50452f4d7846 (diff) | |
NFS: Fix misparsing of nfsv4 fs_locations attribute (take 2)
The changeset ea31a4437c59219bf3ea946d58984b01a45a289c (nfs: Fix
misparsing of nfsv4 fs_locations attribute) causes the mountpath that is
calculated at the beginning of try_location() to be clobbered when we
later strncpy a non-nul terminated hostname using an incorrect buffer
length.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs')
| -rw-r--r-- | fs/nfs/nfs4namespace.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c index 30befc39b3c6..2a2a0a7143ad 100644 --- a/fs/nfs/nfs4namespace.c +++ b/fs/nfs/nfs4namespace.c | |||
| @@ -21,7 +21,9 @@ | |||
| 21 | #define NFSDBG_FACILITY NFSDBG_VFS | 21 | #define NFSDBG_FACILITY NFSDBG_VFS |
| 22 | 22 | ||
| 23 | /* | 23 | /* |
| 24 | * Check if fs_root is valid | 24 | * Convert the NFSv4 pathname components into a standard posix path. |
| 25 | * | ||
| 26 | * Note that the resulting string will be placed at the end of the buffer | ||
| 25 | */ | 27 | */ |
| 26 | static inline char *nfs4_pathname_string(const struct nfs4_pathname *pathname, | 28 | static inline char *nfs4_pathname_string(const struct nfs4_pathname *pathname, |
| 27 | char *buffer, ssize_t buflen) | 29 | char *buffer, ssize_t buflen) |
| @@ -99,21 +101,20 @@ static struct vfsmount *try_location(struct nfs_clone_mount *mountdata, | |||
| 99 | { | 101 | { |
| 100 | struct vfsmount *mnt = ERR_PTR(-ENOENT); | 102 | struct vfsmount *mnt = ERR_PTR(-ENOENT); |
| 101 | char *mnt_path; | 103 | char *mnt_path; |
| 102 | int page2len; | 104 | unsigned int maxbuflen; |
| 103 | unsigned int s; | 105 | unsigned int s; |
| 104 | 106 | ||
| 105 | mnt_path = nfs4_pathname_string(&location->rootpath, page2, PAGE_SIZE); | 107 | mnt_path = nfs4_pathname_string(&location->rootpath, page2, PAGE_SIZE); |
| 106 | if (IS_ERR(mnt_path)) | 108 | if (IS_ERR(mnt_path)) |
| 107 | return mnt; | 109 | return mnt; |
| 108 | mountdata->mnt_path = mnt_path; | 110 | mountdata->mnt_path = mnt_path; |
| 109 | page2 += strlen(mnt_path) + 1; | 111 | maxbuflen = mnt_path - 1 - page2; |
| 110 | page2len = PAGE_SIZE - strlen(mnt_path) - 1; | ||
| 111 | 112 | ||
| 112 | for (s = 0; s < location->nservers; s++) { | 113 | for (s = 0; s < location->nservers; s++) { |
| 113 | const struct nfs4_string *buf = &location->servers[s]; | 114 | const struct nfs4_string *buf = &location->servers[s]; |
| 114 | struct sockaddr_storage addr; | 115 | struct sockaddr_storage addr; |
| 115 | 116 | ||
| 116 | if (buf->len <= 0 || buf->len >= PAGE_SIZE) | 117 | if (buf->len <= 0 || buf->len >= maxbuflen) |
| 117 | continue; | 118 | continue; |
| 118 | 119 | ||
| 119 | mountdata->addr = (struct sockaddr *)&addr; | 120 | mountdata->addr = (struct sockaddr *)&addr; |
| @@ -126,8 +127,8 @@ static struct vfsmount *try_location(struct nfs_clone_mount *mountdata, | |||
| 126 | continue; | 127 | continue; |
| 127 | nfs_set_port(mountdata->addr, NFS_PORT); | 128 | nfs_set_port(mountdata->addr, NFS_PORT); |
| 128 | 129 | ||
| 129 | strncpy(page2, buf->data, page2len); | 130 | memcpy(page2, buf->data, buf->len); |
| 130 | page2[page2len] = '\0'; | 131 | page2[buf->len] = '\0'; |
| 131 | mountdata->hostname = page2; | 132 | mountdata->hostname = page2; |
| 132 | 133 | ||
| 133 | snprintf(page, PAGE_SIZE, "%s:%s", | 134 | snprintf(page, PAGE_SIZE, "%s:%s", |