diff options
author | Martin Brandenburg <martin@omnibond.com> | 2016-02-29 16:07:35 -0500 |
---|---|---|
committer | Mike Marshall <hubcap@omnibond.com> | 2016-03-09 13:26:39 -0500 |
commit | c62da5853de5564e367932185500f96ab70a6f7c (patch) | |
tree | 91d6e34fb6de554c1d9d7451bd2d3f8ae13bc324 | |
parent | 162ada7764162eb2eb0a02546f820ca8b099cdea (diff) | |
download | linux-c62da5853de5564e367932185500f96ab70a6f7c.tar.bz2 |
orangefs: Avoid symlink upcall if target is too long.
Previously the client-core detected this condition by sheer luck!
Since we used strncpy, no NUL byte would be included on the name. The
client-core would call strlen, which would read past the end of its
buffer, but return a number large enough that the client-core would
return ENAMETOOLONG.
Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
-rw-r--r-- | fs/orangefs/namei.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/orangefs/namei.c b/fs/orangefs/namei.c index 650ff299738b..5a60c508af4e 100644 --- a/fs/orangefs/namei.c +++ b/fs/orangefs/namei.c @@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir, if (!symname) return -EINVAL; + if (strlen(symname)+1 > ORANGEFS_NAME_MAX) + return -ENAMETOOLONG; + new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK); if (!new_op) return -ENOMEM; |