login
Login / Register
Header Space

 
 

Home » Mailing list archives » git-commits-head » 2008 » May » 15

add match_strlcpy() us it to make v9fs make uname and remotename parsing more robust

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Linux Kernel Mailing List <linux-kernel@...>
To: <git-commits-head@...>
Subject: add match_strlcpy() us it to make v9fs make uname and remotename parsing more robust
Date: Wednesday, May 14, 2008 - 10:59 pm

Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b32a09...
Commit:     b32a09db4fb9a87246ba4e7726a979ac4709ad97
Parent:     dd286422fefdcff784e8d336deeb88ce817e14db
Author:     Markus Armbruster <armbru@redhat.com>
AuthorDate: Tue Feb 26 09:57:11 2008 -0600
Committer:  Eric Van Hensbergen <ericvh@opteron.9grid.us>
CommitDate: Wed May 14 19:23:25 2008 -0500

    add match_strlcpy() us it to make v9fs make uname and remotename parsing more robust
    
    match_strcpy() is a somewhat creepy function: the caller needs to make sure
    that the destination buffer is big enough, and when he screws up or
    forgets, match_strcpy() happily overruns the buffer.
    
    There's exactly one customer: v9fs_parse_options().  I believe it currently
    can't overflow its buffer, but that's not exactly obvious.
    
    The source string is a substing of the mount options.  The kernel silently
    truncates those to PAGE_SIZE bytes, including the terminating zero.  See
    compat_sys_mount() and do_mount().
    
    The destination buffer is obtained from __getname(), which allocates from
    name_cachep, which is initialized by vfs_caches_init() for size PATH_MAX.
    
    We're safe as long as PATH_MAX <= PAGE_SIZE.  PATH_MAX is 4096.  As far as
    I know, the smallest PAGE_SIZE is also 4096.
    
    Here's a patch that makes the code a bit more obviously correct.  It
    doesn't depend on PATH_MAX <= PAGE_SIZE.
    
    Signed-off-by: Markus Armbruster <armbru@redhat.com>
    Cc: Latchesar Ionkov <lucho@ionkov.net>
    Cc: Jim Meyering <meyering@redhat.com>
    Cc: "Randy.Dunlap" <rdunlap@xenotime.net>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
---
 fs/9p/v9fs.c           |    4 ++--
 include/linux/parser.h |    2 +-
 lib/parser.c           |   32 ++++++++++++++++++++------------
 3 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
index 9b0f022..e307fbd 100644
--- a/fs/9p/v9fs.c
+++ b/fs/9p/v9fs.c
@@ -125,10 +125,10 @@ static void v9fs_parse_options(struct v9fs_session_info *v9ses)
 			v9ses->afid = option;
 			break;
 		case Opt_uname:
-			match_strcpy(v9ses->uname, &args[0]);
+			match_strlcpy(v9ses->uname, &args[0], PATH_MAX);
 			break;
 		case Opt_remotename:
-			match_strcpy(v9ses->aname, &args[0]);
+			match_strlcpy(v9ses->aname, &args[0], PATH_MAX);
 			break;
 		case Opt_nodevmap:
 			v9ses->nodev = 1;
diff --git a/include/linux/parser.h b/include/linux/parser.h
index 26b2bdf..7dcd050 100644
--- a/include/linux/parser.h
+++ b/include/linux/parser.h
@@ -29,5 +29,5 @@ int match_token(char *, match_table_t table, substring_t args[]);
 int match_int(substring_t *, int *result);
 int match_octal(substring_t *, int *result);
 int match_hex(substring_t *, int *result);
-void match_strcpy(char *, const substring_t *);
+size_t match_strlcpy(char *, const substring_t *, size_t);
 char *match_strdup(const substring_t *);
diff --git a/lib/parser.c b/lib/parser.c
index 703c8c1..4f0cbc0 100644
--- a/lib/parser.c
+++ b/lib/parser.c
@@ -182,18 +182,25 @@ int match_hex(substring_t *s, int *result)
 }
 
 /**
- * match_strcpy: - copies the characters from a substring_t to a string
- * @to: string to copy characters to.
- * @s: &substring_t to copy
+ * match_strlcpy: - Copy the characters from a substring_t to a sized buffer
+ * @dest: where to copy to
+ * @src: &substring_t to copy
+ * @size: size of destination buffer
  *
- * Description: Copies the set of characters represented by the given
- * &substring_t @s to the c-style string @to. Caller guarantees that @to is
- * large enough to hold the characters of @s.
+ * Description: Copy the characters in &substring_t @src to the
+ * c-style string @dest.  Copy no more than @size - 1 characters, plus
+ * the terminating NUL.  Return length of @src.
  */
-void match_strcpy(char *to, const substring_t *s)
+size_t match_strlcpy(char *dest, const substring_t *src, size_t size)
 {
-	memcpy(to, s->from, s->to - s->from);
-	to[s->to - s->from] = '\0';
+	size_t ret = src->to - src->from;
+
+	if (size) {
+		size_t len = ret >= size ? size - 1 : ret;
+		memcpy(dest, src->from, len);
+		dest[len] = '\0';
+	}
+	return ret;
 }
 
 /**
@@ -206,9 +213,10 @@ void match_strcpy(char *to, const substring_t *s)
  */
 char *match_strdup(const substring_t *s)
 {
-	char *p = kmalloc(s->to - s->from + 1, GFP_KERNEL);
+	size_t sz = s->to - s->from + 1;
+	char *p = kmalloc(sz, GFP_KERNEL);
 	if (p)
-		match_strcpy(p, s);
+		match_strlcpy(p, s, sz);
 	return p;
 }
 
@@ -216,5 +224,5 @@ EXPORT_SYMBOL(match_token);
 EXPORT_SYMBOL(match_int);
 EXPORT_SYMBOL(match_octal);
 EXPORT_SYMBOL(match_hex);
-EXPORT_SYMBOL(match_strcpy);
+EXPORT_SYMBOL(match_strlcpy);
 EXPORT_SYMBOL(match_strdup);
--
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
add match_strlcpy() us it to make v9fs make uname and remote..., Linux Kernel Mailing List..., (Wed May 14, 10:59 pm)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 4 users and 877 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary