add match_strlcpy() us it to make v9fs make uname and remotename parsing more robust
authorMarkus Armbruster <armbru@redhat.com>
Tue, 26 Feb 2008 15:57:11 +0000 (09:57 -0600)
committerEric Van Hensbergen <ericvh@opteron.9grid.us>
Thu, 15 May 2008 00:23:25 +0000 (19:23 -0500)
commitb32a09db4fb9a87246ba4e7726a979ac4709ad97
treeb84cf43745c329ccbcbd2671da91e729db8132ca
parentdd286422fefdcff784e8d336deeb88ce817e14db
add match_strlcpy() us it to make v9fs make uname and remotename parsing more robust

match_strcpy() is a somewhat creepy function: the caller needs to make sure
that the destination buffer is big enough, and when he screws up or
forgets, match_strcpy() happily overruns the buffer.

There's exactly one customer: v9fs_parse_options().  I believe it currently
can't overflow its buffer, but that's not exactly obvious.

The source string is a substing of the mount options.  The kernel silently
truncates those to PAGE_SIZE bytes, including the terminating zero.  See
compat_sys_mount() and do_mount().

The destination buffer is obtained from __getname(), which allocates from
name_cachep, which is initialized by vfs_caches_init() for size PATH_MAX.

We're safe as long as PATH_MAX <= PAGE_SIZE.  PATH_MAX is 4096.  As far as
I know, the smallest PAGE_SIZE is also 4096.

Here's a patch that makes the code a bit more obviously correct.  It
doesn't depend on PATH_MAX <= PAGE_SIZE.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Cc: Jim Meyering <meyering@redhat.com>
Cc: "Randy.Dunlap" <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
fs/9p/v9fs.c
include/linux/parser.h
lib/parser.c