From c62da5853de5564e367932185500f96ab70a6f7c Mon Sep 17 00:00:00 2001 From: Martin Brandenburg Date: Mon, 29 Feb 2016 16:07:35 -0500 Subject: orangefs: Avoid symlink upcall if target is too long. Previously the client-core detected this condition by sheer luck! Since we used strncpy, no NUL byte would be included on the name. The client-core would call strlen, which would read past the end of its buffer, but return a number large enough that the client-core would return ENAMETOOLONG. Signed-off-by: Martin Brandenburg Signed-off-by: Mike Marshall --- fs/orangefs/namei.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'fs/orangefs/namei.c') diff --git a/fs/orangefs/namei.c b/fs/orangefs/namei.c index 650ff29..5a60c50 100644 --- a/fs/orangefs/namei.c +++ b/fs/orangefs/namei.c @@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir, if (!symname) return -EINVAL; + if (strlen(symname)+1 > ORANGEFS_NAME_MAX) + return -ENAMETOOLONG; + new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK); if (!new_op) return -ENOMEM; -- cgit v1.1