Commit 53f57fef authored by Mike Marshall's avatar Mike Marshall

Orangefs: Extra sanity insurance on buffer before using string functions on it.

Signed-off-by: default avatarMike Marshall <hubcap@omnibond.com>
parent ab665252
...@@ -678,6 +678,19 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg) ...@@ -678,6 +678,19 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg)
ret = copy_from_user(&client_debug_array_string, ret = copy_from_user(&client_debug_array_string,
(void __user *)arg, (void __user *)arg,
ORANGEFS_MAX_DEBUG_STRING_LEN); ORANGEFS_MAX_DEBUG_STRING_LEN);
/*
* The real client-core makes an effort to ensure
* that actual strings that aren't too long to fit in
* this buffer is what we get here. We're going to use
* string functions on the stuff we got, so we'll make
* this extra effort to try and keep from
* flowing out of this buffer when we use the string
* functions, even if somehow the stuff we end up
* with here is garbage.
*/
client_debug_array_string[ORANGEFS_MAX_DEBUG_STRING_LEN - 1] =
'\0';
if (ret != 0) { if (ret != 0) {
pr_info("%s: CLIENT_STRING: copy_from_user failed\n", pr_info("%s: CLIENT_STRING: copy_from_user failed\n",
__func__); __func__);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment