summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Brandenburg <martin@omnibond.com>2016-02-29 16:07:35 -0500
committerMike Marshall <hubcap@omnibond.com>2016-03-09 13:26:39 -0500
commitc62da5853de5564e367932185500f96ab70a6f7c (patch)
tree91d6e34fb6de554c1d9d7451bd2d3f8ae13bc324
parent162ada7764162eb2eb0a02546f820ca8b099cdea (diff)
downloadlinux-c62da5853de5564e367932185500f96ab70a6f7c.tar.bz2
orangefs: Avoid symlink upcall if target is too long.
Previously the client-core detected this condition by sheer luck! Since we used strncpy, no NUL byte would be included on the name. The client-core would call strlen, which would read past the end of its buffer, but return a number large enough that the client-core would return ENAMETOOLONG. Signed-off-by: Martin Brandenburg <martin@omnibond.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
-rw-r--r--fs/orangefs/namei.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/orangefs/namei.c b/fs/orangefs/namei.c
index 650ff299738b..5a60c508af4e 100644
--- a/fs/orangefs/namei.c
+++ b/fs/orangefs/namei.c
@@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir,
if (!symname)
return -EINVAL;
+ if (strlen(symname)+1 > ORANGEFS_NAME_MAX)
+ return -ENAMETOOLONG;
+
new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK);
if (!new_op)
return -ENOMEM;