    NFSD: Prevent a buffer overflow in svc_xprt_names() · 335c54bd
    Chuck Lever authored
    The svc_xprt_names() function can overflow its buffer if it's so near
    the end of the passed in buffer that the "name too long" string still
    doesn't fit.  Of course, it could never tell if it was near the end
    of the passed in buffer, since its only caller passes in zero as the
    buffer length.
    
    Let's make this API a little safer.
    
    Change svc_xprt_names() so it *always* checks for a buffer overflow,
    and change its only caller to pass in the correct buffer length.
    
    If svc_xprt_names() does overflow its buffer, it now fails with an
    ENAMETOOLONG errno, instead of trying to write a message at the end
    of the buffer.  I don't like this much, but I can't figure out a clean
    way that's always safe to return some of the names, *and* an
    indication that the buffer was not long enough.
    
    The displayed error when doing a 'cat /proc/fs/nfsd/portlist' is
    "File name too long".
    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
    Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
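
The always-checked pattern the commit message describes, shown as an added user-space example (not the kernel's svc_xprt_names() and not code from this commit). `format_xprt_names`, `struct xprt_entry` and the sample entries are hypothetical names and constructed data.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a transport entry; not the kernel's struct. */
struct xprt_entry {
    const char *class_name;
    unsigned short port;
};

/*
 * Append "<class> <port>\n" for each entry to buf, which holds buflen bytes.
 * Returns the number of bytes written (excluding the NUL), or -ENAMETOOLONG
 * if a line does not fit. The bound is checked on every call, so buflen == 0
 * fails cleanly instead of disabling the check. On error the contents of buf
 * are unspecified and no "too long" marker is written into it.
 */
static int format_xprt_names(char *buf, int buflen,
                             const struct xprt_entry *list, int count)
{
    char line[64];
    int pos = 0;

    if (buflen > 0)
        buf[0] = '\0';
    for (int i = 0; i < count; i++) {
        int len = snprintf(line, sizeof(line), "%s %u\n",
                           list[i].class_name, (unsigned)list[i].port);
        if (len < 0 || len >= (int)sizeof(line))
            return -ENAMETOOLONG;
        if (len >= buflen - pos)        /* need len bytes plus the NUL */
            return -ENAMETOOLONG;
        memcpy(buf + pos, line, (size_t)len + 1);
        pos += len;
    }
    return pos;
}

int main(void)
{
    /* Constructed sample data. */
    const struct xprt_entry list[] = { { "tcp", 2049 }, { "udp", 2049 } };
    char buf[32];

    printf("fits: %d\n", format_xprt_names(buf, (int)sizeof(buf), list, 2));
    printf("short: %d\n", format_xprt_names(buf, 12, list, 2));
    printf("zero: %d\n", format_xprt_names(buf, 0, list, 2));
    return 0;
}
```
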
svc_xprt.c 32.8 KB