Commit c62da585 authored by Martin Brandenburg's avatar Martin Brandenburg Committed by Mike Marshall

orangefs: Avoid symlink upcall if target is too long.

Previously the client-core detected this condition by sheer luck!

Since we used strncpy, no NUL byte would be included on the name. The
client-core would call strlen, which would read past the end of its
buffer, but return a number large enough that the client-core would
return ENAMETOOLONG.
Signed-off-by: default avatarMartin Brandenburg <martin@omnibond.com>
Signed-off-by: default avatarMike Marshall <hubcap@omnibond.com>
parent 162ada77
...@@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir, ...@@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir,
if (!symname) if (!symname)
return -EINVAL; return -EINVAL;
if (strlen(symname)+1 > ORANGEFS_NAME_MAX)
return -ENAMETOOLONG;
new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK); new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK);
if (!new_op) if (!new_op)
return -ENOMEM; return -ENOMEM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment