orangefs: Avoid symlink upcall if target is too long.

Previously the client-core detected this condition by sheer luck!

Since we used strncpy, no NUL byte would be included on the name. The
client-core would call strlen, which would read past the end of its
buffer, but return a number large enough that the client-core would
return ENAMETOOLONG.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Martin Brandenburg 9 years ago
parent
commit
c62da5853d
1 changed files with 3 additions and 0 deletions

fs/orangefs/namei.c

@@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir,
 	if (!symname)
 		return -EINVAL;
 
+	if (strlen(symname)+1 > ORANGEFS_NAME_MAX)
+		return -ENAMETOOLONG;
+
 	new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK);
 	if (!new_op)
 		return -ENOMEM;
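
Review bot: The new check at the top of orangefs_symlink, `if (strlen(symname)+1 > ORANGEFS_NAME_MAX)`, carries no comment saying what the `+1` is for, and the reason only appears in the commit message. A one-line comment stating that the target plus its terminating NUL must fit in the upcall's name field would keep that reasoning next to the code. Writing the condition as `strlen(symname) >= ORANGEFS_NAME_MAX` says the same thing without the arithmetic, and if the current form stays, kernel style wants spaces around the `+`. The commit message also notes that the copy uses strncpy and leaves the name unterminated when it is too long. That copy is not visible in this hunk, so it is worth confirming in the same patch that it cannot produce an unterminated name by any other path, rather than relying on this early return alone.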