[PATCH] NFSv4: harden nfs4_get_uniquifier() function

Sun, 19 Jan 2025 20:56:04 -0800 

If the incorrect buffer size were passed into nfs4_get_uniquifier
function then a memory access error could occur. This change prevents us
from accidentally passing an unrelated variable into the buffer copy
function.

Signed-off-by: Ethan Carter Edwards <[email protected]>
---
 fs/nfs/nfs4proc.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 405f17e6e0b4..18311bf5338d 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6408,7 +6408,7 @@ static void nfs4_init_boot_verifier(const struct 
nfs_client *clp,
 }
 
 static size_t
-nfs4_get_uniquifier(struct nfs_client *clp, char *buf, size_t buflen)
+nfs4_get_uniquifier(struct nfs_client *clp, char *buf)
 {
        struct nfs_net *nn = net_generic(clp->cl_net, nfs_net_id);
        struct nfs_netns_client *nn_clp = nn->nfs_client;
@@ -6420,12 +6420,12 @@ nfs4_get_uniquifier(struct nfs_client *clp, char *buf, 
size_t buflen)
                rcu_read_lock();
                id = rcu_dereference(nn_clp->identifier);
                if (id)
-                       strscpy(buf, id, buflen);
+                       strscpy(buf, id, sizeof(buf));
                rcu_read_unlock();
        }
 
        if (nfs4_client_id_uniquifier[0] != '\0' && buf[0] == '\0')
-               strscpy(buf, nfs4_client_id_uniquifier, buflen);
+               strscpy(buf, nfs4_client_id_uniquifier, sizeof(buf));
 
        return strlen(buf);
 }
@@ -6449,7 +6449,7 @@ nfs4_init_nonuniform_client_string(struct nfs_client *clp)
                1;
        rcu_read_unlock();
 
-       buflen = nfs4_get_uniquifier(clp, buf, sizeof(buf));
+       buflen = nfs4_get_uniquifier(clp, buf);
        if (buflen)
                len += buflen + 1;
 
@@ -6496,7 +6496,7 @@ nfs4_init_uniform_client_string(struct nfs_client *clp)
        len = 10 + 10 + 1 + 10 + 1 +
                strlen(clp->cl_rpcclient->cl_nodename) + 1;
 
-       buflen = nfs4_get_uniquifier(clp, buf, sizeof(buf));
+       buflen = nfs4_get_uniquifier(clp, buf);
        if (buflen)
                len += buflen + 1;
 
-- 
2.48.0

Reply via email to