orangefs: Avoid symlink upcall if target is too long.

Previously the client-core detected this condition by sheer luck! Since we used strncpy, no NUL byte would be included on the name. The client-core would call strlen, which would read past the end of its buffer, but return a number large enough that the client-core would return ENAMETOOLONG. Signed-off-by: Martin Brandenburg <martin@omnibond.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>

orangefs: Avoid symlink upcall if target is too long.
Previously the client-core detected this condition by sheer luck! Since we used strncpy, no NUL byte would be included on the name. The client-core would call strlen, which would read past the end of its buffer, but return a number large enough that the client-core would return ENAMETOOLONG. Signed-off-by: Martin Brandenburg <martin@omnibond.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
c62da585 · Martin Brandenburg · Mike Marshall · 162ada77 · c62da585
Commit c62da585 authored Feb 29, 2016 by Martin Brandenburg Committed by Mike Marshall Mar 09, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

fs/orangefs/namei.c fs/orangefs/namei.c +3 -0

No files found.
--- a/fs/orangefs/namei.c
+++ b/fs/orangefs/namei.c
@@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir,
 	if (!symname)
 		return -EINVAL;

+	if (strlen(symname)+1 > ORANGEFS_NAME_MAX)
+		return -ENAMETOOLONG;
+
 	new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK);
 	if (!new_op)
 		return -ENOMEM;