diff options
author | Mike Marshall <hubcap@omnibond.com> | 2016-03-14 22:28:34 +0300 |
---|---|---|
committer | Mike Marshall <hubcap@omnibond.com> | 2016-03-14 22:48:28 +0300 |
commit | 53f57fef43f5b9586c7a78acdeae27e206eae48b (patch) | |
tree | 8ddad64ffe7565442e5e0786101f32079fbd16f2 /fs/orangefs | |
parent | ab6652524aaf834d5dcdb46dd7695813b8d63da5 (diff) | |
download | linux-53f57fef43f5b9586c7a78acdeae27e206eae48b.tar.xz |
Orangefs: Extra sanity insurance on buffer before using string functions on it.
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Diffstat (limited to 'fs/orangefs')
-rw-r--r-- | fs/orangefs/devorangefs-req.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c index 12ea8730aa5d..35418d0b77bf 100644 --- a/fs/orangefs/devorangefs-req.c +++ b/fs/orangefs/devorangefs-req.c @@ -678,6 +678,19 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg) ret = copy_from_user(&client_debug_array_string, (void __user *)arg, ORANGEFS_MAX_DEBUG_STRING_LEN); + /* + * The real client-core makes an effort to ensure + * that actual strings that aren't too long to fit in + * this buffer is what we get here. We're going to use + * string functions on the stuff we got, so we'll make + * this extra effort to try and keep from + * flowing out of this buffer when we use the string + * functions, even if somehow the stuff we end up + * with here is garbage. + */ + client_debug_array_string[ORANGEFS_MAX_DEBUG_STRING_LEN - 1] = + '\0'; + if (ret != 0) { pr_info("%s: CLIENT_STRING: copy_from_user failed\n", __func__); |