The patch titled
add match_strlcpy() us it to make v9fs make uname and remotename parsing
more robust
has been added to the -mm tree. Its filename is
add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: add match_strlcpy() us it to make v9fs make uname and remotename
parsing more robust
From: Markus Armbruster <[EMAIL PROTECTED]>
match_strcpy() is a somewhat creepy function: the caller needs to make sure
that the destination buffer is big enough, and when he screws up or
forgets, match_strcpy() happily overruns the buffer.
There's exactly one customer: v9fs_parse_options(). I believe it currently
can't overflow its buffer, but that's not exactly obvious.
The source string is a substing of the mount options. The kernel silently
truncates those to PAGE_SIZE bytes, including the terminating zero. See
compat_sys_mount() and do_mount().
The destination buffer is obtained from __getname(), which allocates from
name_cachep, which is initialized by vfs_caches_init() for size PATH_MAX.
We're safe as long as PATH_MAX <= PAGE_SIZE. PATH_MAX is 4096. As far as
I know, the smallest PAGE_SIZE is also 4096.
Here's a patch that makes the code a bit more obviously correct. It
doesn't depend on PATH_MAX <= PAGE_SIZE.
Signed-off-by: Markus Armbruster <[EMAIL PROTECTED]>
Cc: Latchesar Ionkov <[EMAIL PROTECTED]>
Cc: Eric Van Hensbergen <[EMAIL PROTECTED]>
Cc: Jim Meyering <[EMAIL PROTECTED]>
Cc: "Randy.Dunlap" <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---
fs/9p/v9fs.c | 4 ++--
include/linux/parser.h | 2 +-
lib/parser.c | 32 ++++++++++++++++++++------------
3 files changed, 23 insertions(+), 15 deletions(-)
diff -puN
fs/9p/v9fs.c~add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust
fs/9p/v9fs.c
---
a/fs/9p/v9fs.c~add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust
+++ a/fs/9p/v9fs.c
@@ -133,10 +133,10 @@ static int v9fs_parse_options(struct v9f
v9ses->afid = option;
break;
case Opt_uname:
- match_strcpy(v9ses->uname, &args[0]);
+ match_strlcpy(v9ses->uname, &args[0], PATH_MAX);
break;
case Opt_remotename:
- match_strcpy(v9ses->aname, &args[0]);
+ match_strlcpy(v9ses->aname, &args[0], PATH_MAX);
break;
case Opt_nodevmap:
v9ses->nodev = 1;
diff -puN
include/linux/parser.h~add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust
include/linux/parser.h
---
a/include/linux/parser.h~add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust
+++ a/include/linux/parser.h
@@ -29,5 +29,5 @@ int match_token(char *, match_table_t ta
int match_int(substring_t *, int *result);
int match_octal(substring_t *, int *result);
int match_hex(substring_t *, int *result);
-void match_strcpy(char *, const substring_t *);
+size_t match_strlcpy(char *, const substring_t *, size_t);
char *match_strdup(const substring_t *);
diff -puN
lib/parser.c~add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust
lib/parser.c
---
a/lib/parser.c~add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust
+++ a/lib/parser.c
@@ -182,18 +182,25 @@ int match_hex(substring_t *s, int *resul
}
/**
- * match_strcpy: - copies the characters from a substring_t to a string
- * @to: string to copy characters to.
- * @s: &substring_t to copy
+ * match_strlcpy: - Copy the characters from a substring_t to a sized buffer
+ * @dest: where to copy to
+ * @src: &substring_t to copy
+ * @size: size of destination buffer
*
- * Description: Copies the set of characters represented by the given
- * &substring_t @s to the c-style string @to. Caller guarantees that @to is
- * large enough to hold the characters of @s.
+ * Description: Copy the characters in &substring_t @src to the
+ * c-style string @dest. Copy no more than @size - 1 characters, plus
+ * the terminating NUL. Return length of @src.
*/
-void match_strcpy(char *to, const substring_t *s)
+size_t match_strlcpy(char *dest, const substring_t *src, size_t size)
{
- memcpy(to, s->from, s->to - s->from);
- to[s->to - s->from] = '\0';
+ size_t ret = src->to - src->from;
+
+ if (size) {
+ size_t len = ret >= size ? size - 1 : ret;
+ memcpy(dest, src->from, len);
+ dest[len] = '\0';
+ }
+ return ret;
}
/**
@@ -206,9 +213,10 @@ void match_strcpy(char *to, const substr
*/
char *match_strdup(const substring_t *s)
{
- char *p = kmalloc(s->to - s->from + 1, GFP_KERNEL);
+ size_t sz = s->to - s->from + 1;
+ char *p = kmalloc(sz, GFP_KERNEL);
if (p)
- match_strcpy(p, s);
+ match_strlcpy(p, s, sz);
return p;
}
@@ -216,5 +224,5 @@ EXPORT_SYMBOL(match_token);
EXPORT_SYMBOL(match_int);
EXPORT_SYMBOL(match_octal);
EXPORT_SYMBOL(match_hex);
-EXPORT_SYMBOL(match_strcpy);
+EXPORT_SYMBOL(match_strlcpy);
EXPORT_SYMBOL(match_strdup);
_
Patches currently in -mm which might be from [EMAIL PROTECTED] are
add-match_strlcpy-us-it-to-make-v9fs-make-uname-and-remotename-parsing-more-robust.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
