Halaman utama Jelajahi Bantuan
Masuk
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Jelajahi Sumber

md: fix input truncation in safe_delay_store()

safe_delay_store() currently truncates the last character of input since
it tells strlcpy that the buffer can only hold 'len' characters, off by
one.  sysfs already null terminates the buffer, so just increase the
last argument to strlcpy.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
Dan Williams 17 tahun lalu
induk
08ff39f1c8
melakukan
97ce0a7f9c
1 mengubah file dengan 3 tambahan dan 5 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 3 5
      drivers/md/md.c

+ 3 - 5
drivers/md/md.c
Tampilan Berkas 

@@ -2394,12 +2394,11 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
 
 	int i;
 
 	unsigned long msec;
 
 	char buf[30];
 
-	char *e;
 
+
 
 	/* remove a period, and count digits after it */
 
 	if (len >= sizeof(buf))
 
 		return -EINVAL;
 
-	strlcpy(buf, cbuf, len);
 
-	buf[len] = 0;
 
+	strlcpy(buf, cbuf, sizeof(buf));
 
 	for (i=0; i<len; i++) {
 
 		if (dot) {
 
 			if (isdigit(buf[i])) {
 
@@ -2412,8 +2411,7 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
 
 			buf[i] = 0;
 
 		}
 
 	}
 
-	msec = simple_strtoul(buf, &e, 10);
 
-	if (e == buf || (*e && *e != '\n'))
 
+	if (strict_strtoul(buf, 10, &msec) < 0)
 
 		return -EINVAL;
 
 	msec = (msec * 1000) / scale;
 
 	if (msec == 0)