authorDan Williams <dan.j.williams@gmail.com>2008-09-25 09:48:19 +0400
committerNeilBrown <neilb@suse.de>2008-10-16 10:03:08 +0400
commit97ce0a7f9caf9d715cee815a016ee21575f71c95 (patch)
treeb35d4f84795a9b3f20a22faa43148a9c2c68d051 /drivers/md
parent08ff39f1c8f2134f7d0f38123ca5952371665cc5 (diff)
downloadlinux-97ce0a7f9caf9d715cee815a016ee21575f71c95.tar.xz
md: fix input truncation in safe_delay_store()
safe_delay_store() currently truncates the last character of input since it tells strlcpy that the buffer can only hold 'len' characters, off by one. sysfs already null terminates the buffer, so just increase the last argument to strlcpy. Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
Diffstat (limited to 'drivers/md')
-rw-r--r--drivers/md/md.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 39c9c87a1342..aaa3d465de4e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -2394,12 +2394,11 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
int i;
unsigned long msec;
char buf[30];
- char *e;
+
/* remove a period, and count digits after it */
if (len >= sizeof(buf))
return -EINVAL;
- strlcpy(buf, cbuf, len);
- buf[len] = 0;
+ strlcpy(buf, cbuf, sizeof(buf));
for (i=0; i<len; i++) {
if (dot) {
if (isdigit(buf[i])) {
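Review bot: The loop `for (i=0; i<len; i++)` still walks all `len` bytes of `buf`, but `strlcpy()` stops at the first NUL in `cbuf` and does not pad the rest, so a write with an embedded NUL leaves the bytes after it uninitialised and the loop then inspects stack residue. The reads stay inside `buf` because of the `len >= sizeof(buf)` check, but judging by the comment and the visible `dot`/`isdigit` tests, a stray '.' or digit there could skew the digit counting that presumably sets `scale`. Stopping on the terminator, `for (i = 0; i < len && buf[i]; i++) {`, or zero-initialising with `char buf[30] = {0};`, removes that dependency. The loop body continues outside the hunk.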
@@ -2412,8 +2411,7 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
buf[i] = 0;
}
}
- msec = simple_strtoul(buf, &e, 10);
- if (e == buf || (*e && *e != '\n'))
+ if (strict_strtoul(buf, 10, &msec) < 0)
return -EINVAL;
msec = (msec * 1000) / scale;
if (msec == 0)
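Review bot: `msec = (msec * 1000) / scale;` directly after the new `strict_strtoul()` call has no upper bound on the parsed value. `buf` accepts up to 29 characters, so the multiplication can wrap `unsigned long` and turn a very large input into a small delay. Whether `strict_strtoul()` rejects out-of-range values is not visible here, so an explicit guard before the multiplication, `if (msec > ULONG_MAX / 1000) return -EINVAL;`, would make the limit clear. The function continues past the end of the hunk.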