diff options
author | Markus Armbruster <armbru@redhat.com> | 2008-02-26 10:57:11 -0500 |
---|---|---|
committer | Eric Van Hensbergen <ericvh@opteron.9grid.us> | 2008-05-14 20:23:25 -0400 |
commit | b32a09db4fb9a87246ba4e7726a979ac4709ad97 (patch) | |
tree | b84cf43745c329ccbcbd2671da91e729db8132ca /include/linux | |
parent | dd286422fefdcff784e8d336deeb88ce817e14db (diff) |
add match_strlcpy() us it to make v9fs make uname and remotename parsing more robust
match_strcpy() is a somewhat creepy function: the caller needs to make sure
that the destination buffer is big enough, and when he screws up or
forgets, match_strcpy() happily overruns the buffer.
There's exactly one customer: v9fs_parse_options(). I believe it currently
can't overflow its buffer, but that's not exactly obvious.
The source string is a substing of the mount options. The kernel silently
truncates those to PAGE_SIZE bytes, including the terminating zero. See
compat_sys_mount() and do_mount().
The destination buffer is obtained from __getname(), which allocates from
name_cachep, which is initialized by vfs_caches_init() for size PATH_MAX.
We're safe as long as PATH_MAX <= PAGE_SIZE. PATH_MAX is 4096. As far as
I know, the smallest PAGE_SIZE is also 4096.
Here's a patch that makes the code a bit more obviously correct. It
doesn't depend on PATH_MAX <= PAGE_SIZE.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Cc: Jim Meyering <meyering@redhat.com>
Cc: "Randy.Dunlap" <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/parser.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/parser.h b/include/linux/parser.h index 26b2bdfcaf06..7dcd05075756 100644 --- a/include/linux/parser.h +++ b/include/linux/parser.h | |||
@@ -29,5 +29,5 @@ int match_token(char *, match_table_t table, substring_t args[]); | |||
29 | int match_int(substring_t *, int *result); | 29 | int match_int(substring_t *, int *result); |
30 | int match_octal(substring_t *, int *result); | 30 | int match_octal(substring_t *, int *result); |
31 | int match_hex(substring_t *, int *result); | 31 | int match_hex(substring_t *, int *result); |
32 | void match_strcpy(char *, const substring_t *); | 32 | size_t match_strlcpy(char *, const substring_t *, size_t); |
33 | char *match_strdup(const substring_t *); | 33 | char *match_strdup(const substring_t *); |