• Markus Armbruster's avatar
    add match_strlcpy() us it to make v9fs make uname and remotename parsing more robust · b32a09db
    Markus Armbruster authored
    match_strcpy() is a somewhat creepy function: the caller needs to make sure
    that the destination buffer is big enough, and when he screws up or
    forgets, match_strcpy() happily overruns the buffer.
    
    There's exactly one customer: v9fs_parse_options().  I believe it currently
    can't overflow its buffer, but that's not exactly obvious.
    
    The source string is a substing of the mount options.  The kernel silently
    truncates those to PAGE_SIZE bytes, including the terminating zero.  See
    compat_sys_mount() and do_mount().
    
    The destination buffer is obtained from __getname(), which allocates from
    name_cachep, which is initialized by vfs_caches_init() for size PATH_MAX.
    
    We're safe as long as PATH_MAX <= PAGE_SIZE.  PATH_MAX is 4096.  As far as
    I know, the smallest PAGE_SIZE is also 4096.
    
    Here's a patch that makes the code a bit more obviously correct.  It
    doesn't depend on PATH_MAX <= PAGE_SIZE.
    Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
    Cc: Latchesar Ionkov <lucho@ionkov.net>
    Cc: Jim Meyering <meyering@redhat.com>
    Cc: "Randy.Dunlap" <rdunlap@xenotime.net>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarEric Van Hensbergen <ericvh@gmail.com>
    b32a09db
v9fs.c 6.55 KB