• [PATCH] Fix deep stack usage in ncpfs · fea7cfba
    Andrew Morton authored
    From: Petr Vandrovec <vandrove@vc.cvut.cz>
    
    
    Arjan van de Ven pointed out to me there are no checks on name component
    lengths in ncpfs, so potentially 4KB regions could be allocated on stack,
    leading to a user-controlled stack overflow.
    
    It was using variable-sized arrays, so this snuck past the static
    stack-usage checking tools.
    
    As NCP is limited to 255 bytes on components, we can simply limit these
    local variables to 256 bytes, and after this stack usage looks more
    acceptable.  Length checking occurs inside ncp_vol2io, during
    iocharset->codepage conversion.
    
    As a side effect support for multibyte codepages now works as it should,
    instead of returning -EINVAL whenever filename in 'codepage' encoding was
    longer than in 'iocharset'.
    
    Other part fixes typo where atime change updated ctime and not atime field.
inode.c 25.2 KB
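
The pattern the commit message describes, as an added user-space example. It is not the contents of inode.c or any kernel code. `convert_name`, `lookup_vla`, `lookup_fixed`, the byte-expansion rule and the `-ENAMETOOLONG` return value are assumptions made for illustration; only the 255-byte component limit and the 256-byte buffer come from the message.

```c
#include <errno.h>
#include <stddef.h>

#define NCP_COMPONENT_MAX 255  /* per-component limit from the commit message */

/* Hypothetical converter (not ncp_vol2io): bytes >= 0x80 expand to two
 * output bytes, so the converted name can be longer than the input.
 * The capacity check happens here, during conversion. */
static int convert_name(unsigned char *out, size_t cap,
                        const unsigned char *in, size_t inlen)
{
    size_t n = 0;
    for (size_t i = 0; i < inlen; i++) {
        size_t need = (in[i] & 0x80) ? 2 : 1;
        if (n + need > cap)
            return -ENAMETOOLONG;  /* error code chosen for this example */
        if (need == 2) {
            out[n++] = 0xC0 | (in[i] >> 6);
            out[n++] = 0x80 | (in[i] & 0x3F);
        } else {
            out[n++] = in[i];
        }
    }
    return (int)n;  /* converted length */
}

/* Before: a variable-length array sized by the caller's length. Stack use
 * scales with inlen, and a name that grows in conversion is rejected. */
int lookup_vla(const unsigned char *name, size_t inlen)
{
    unsigned char buf[inlen + 1];
    return convert_name(buf, sizeof(buf), name, inlen);
}

/* After: a fixed 256-byte buffer. Stack use is constant, and the only
 * limit is the converted length, enforced inside the converter. */
int lookup_fixed(const unsigned char *name, size_t inlen)
{
    unsigned char buf[NCP_COMPONENT_MAX + 1];
    return convert_name(buf, NCP_COMPONENT_MAX, name, inlen);
}
```

With the fixed buffer, an oversized input is rejected by the converter's bound check without any stack allocation proportional to the input length.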