orangefs: Avoid symlink upcall if target is too long.

Previously the client-core detected this condition by sheer luck! Since we used strncpy, no NUL byte would be included on the name. The client-core would call strlen, which would read past the end of its buffer, but return a number large enough that the client-core would return ENAMETOOLONG. Signed-off-by: N Martin Brandenburg <martin@omnibond.com> Signed-off-by: N Mike Marshall <hubcap@omnibond.com>

orangefs: Avoid symlink upcall if target is too long.
Previously the client-core detected this condition by sheer luck! Since we used strncpy, no NUL byte would be included on the name. The client-core would call strlen, which would read past the end of its buffer, but return a number large enough that the client-core would return ENAMETOOLONG. Signed-off-by: N Martin Brandenburg <martin@omnibond.com> Signed-off-by: N Mike Marshall <hubcap@omnibond.com>
c62da585 · Martin Brandenburg · Mike Marshall · 162ada77 · c62da585
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

fs/orangefs/namei.c fs/orangefs/namei.c +3 -0

未找到文件。
--- a/fs/orangefs/namei.c
+++ b/fs/orangefs/namei.c
@@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir,
 	if (!symname)
 		return -EINVAL;

+	if (strlen(symname)+1 > ORANGEFS_NAME_MAX)
+		return -ENAMETOOLONG;
+
 	new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK);
 	if (!new_op)
 		return -ENOMEM;