]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bb50432)
NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
authorZichen Xie <zichenxie0106@gmail.com>
Tue, 17 Dec 2024 16:13:12 +0000 (00:13 +0800)
committerAnna Schumaker <anna.schumaker@oracle.com>
Mon, 13 Jan 2025 18:27:25 +0000 (13:27 -0500)
name is char[64] where the size of clnt->cl_program->name remains
unknown. Invoking strcat() directly will also lead to potential buffer
overflow. Change them to strscpy() and strncat() to fix potential
issues.

Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
fs/nfs/sysfs.c patch | blob | blame | history

diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c
index bf378ecd5d9fdde62ac97587d2b0da505d6cbb83..7b59a40d40c061a41b0fbde91aa006314f02c1fb 100644 (file)
--- a/fs/nfs/sysfs.c
+++ b/fs/nfs/sysfs.c
@@ -280,9 +280,9 @@ void nfs_sysfs_link_rpc_client(struct nfs_server *server,
        char name[RPC_CLIENT_NAME_SIZE];
        int ret;
 
-       strcpy(name, clnt->cl_program->name);
-       strcat(name, uniq ? uniq : "");
-       strcat(name, "_client");
+       strscpy(name, clnt->cl_program->name, sizeof(name));
+       strncat(name, uniq ? uniq : "", sizeof(name) - strlen(name) - 1);
+       strncat(name, "_client", sizeof(name) - strlen(name) - 1);
 
        ret = sysfs_create_link_nowarn(&server->kobj,
                                                &clnt->cl_sysfs->kobject, name);
A mirror of Linus' kernel repository