diff options
author | Namjae Jeon <namjae.jeon@samsung.com> | 2021-08-27 04:18:05 +0300 |
---|---|---|
committer | Steve French <stfrench@microsoft.com> | 2021-08-27 22:03:49 +0300 |
commit | 7d5d8d7156892f82cf40b63228ce788248cc57a3 (patch) | |
tree | c0916d40259ae0332383c6b5df2f413e85065b96 /fs/ksmbd | |
parent | 32e19d12fc7c0bd027b3e657e790f986ac80d837 (diff) | |
download | linux-7d5d8d7156892f82cf40b63228ce788248cc57a3.tar.xz |
ksmbd: fix __write_overflow warning in ndr_read_string
Dan reported __write_overflow warning in ndr_read_string.
CC [M] fs/ksmbd/ndr.o
In file included from ./include/linux/string.h:253,
from ./include/linux/bitmap.h:11,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/cpumask.h:5,
from ./arch/x86/include/asm/msr.h:11,
from ./arch/x86/include/asm/processor.h:22,
from ./arch/x86/include/asm/cpufeature.h:5,
from ./arch/x86/include/asm/thread_info.h:53,
from ./include/linux/thread_info.h:60,
from ./arch/x86/include/asm/preempt.h:7,
from ./include/linux/preempt.h:78,
from ./include/linux/spinlock.h:55,
from ./include/linux/wait.h:9,
from ./include/linux/wait_bit.h:8,
from ./include/linux/fs.h:6,
from fs/ksmbd/ndr.c:7:
In function memcpy,
inlined from ndr_read_string at fs/ksmbd/ndr.c:86:2,
inlined from ndr_decode_dos_attr at fs/ksmbd/ndr.c:167:2:
./include/linux/fortify-string.h:219:4: error: call to __write_overflow
declared with attribute error: detected write beyond size of object
__write_overflow();
^~~~~~~~~~~~~~~~~~
This seems to be a false alarm because hex_attr size is always smaller
than n->length. This patch fix this warning by allocation hex_attr with
n->length.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/ksmbd')
-rw-r--r-- | fs/ksmbd/ndr.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/fs/ksmbd/ndr.c b/fs/ksmbd/ndr.c index df23dfbaf657..2243a2c64b37 100644 --- a/fs/ksmbd/ndr.c +++ b/fs/ksmbd/ndr.c @@ -160,11 +160,16 @@ int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da) { - char hex_attr[12] = {0}; + char *hex_attr; int version2; + hex_attr = kzalloc(n->length, GFP_KERNEL); + if (!hex_attr) + return -ENOMEM; + n->offset = 0; - ndr_read_string(n, hex_attr, n->length - n->offset); + ndr_read_string(n, hex_attr, n->length); + kfree(hex_attr); da->version = ndr_read_int16(n); if (da->version != 3 && da->version != 4) { |