xfs_scrub: avoid buffer overflow when scanning attributes
authorDarrick J. Wong <darrick.wong@oracle.com>
Thu, 12 Apr 2018 15:34:08 +0000 (10:34 -0500)
committerEric Sandeen <sandeen@redhat.com>
Thu, 12 Apr 2018 15:34:08 +0000 (10:34 -0500)
Avoid a buffer overflow when we're formatting extended attribute names
for name checking.  The kernel headers provide us with XATTR_NAME_MAX,
so we can rely on that.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
scrub/phase5.c

index 5f2a1a7cd0a865d7427696f1cfd6f438e1cebe5b..e0e7e8c7104773d76c2ee7ddcd6e7a8ce58115f7 100644 (file)
@@ -158,7 +158,7 @@ xfs_scrub_scan_fhandle_namespace_xattrs(
 {
        struct attrlist_cursor          cur;
        char                            attrbuf[XFS_XATTR_LIST_MAX];
-       char                            keybuf[NAME_MAX + 1];
+       char                            keybuf[XATTR_NAME_MAX + 1];
        struct attrlist                 *attrlist = (struct attrlist *)attrbuf;
        struct attrlist_ent             *ent;
        struct unicrash                 *uc;
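Review bot: `keybuf` is now sized as `XATTR_NAME_MAX + 1`, but the second hunk fills it with `attr_ns->name`, a `.` and `ent->a_name`, so the full key fits only if that limit already counts the namespace prefix. Whether `a_name` as returned by `attr_list_by_handle` can itself reach the maximum length is not visible here; if it can, the key is cut short before the name check runs. Either size the array for prefix plus name, or add a comment on the declaration stating what the bound covers, e.g. `/* holds "<namespace>.<attr name>"; longer keys are truncated */`. The function body starts and ends outside this hunk.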
@@ -172,14 +172,14 @@ xfs_scrub_scan_fhandle_namespace_xattrs(
 
        memset(attrbuf, 0, XFS_XATTR_LIST_MAX);
        memset(&cur, 0, sizeof(cur));
-       memset(keybuf, 0, NAME_MAX + 1);
+       memset(keybuf, 0, XATTR_NAME_MAX + 1);
        error = attr_list_by_handle(handle, sizeof(*handle), attrbuf,
                        XFS_XATTR_LIST_MAX, attr_ns->flags, &cur);
        while (!error) {
                /* Examine the xattrs. */
                for (i = 0; i < attrlist->al_count; i++) {
                        ent = ATTR_ENTRY(attrlist, i);
-                       snprintf(keybuf, NAME_MAX, "%s.%s", attr_ns->name,
+                       snprintf(keybuf, XATTR_NAME_MAX, "%s.%s", attr_ns->name,
                                        ent->a_name);
                        moveon = xfs_scrub_check_name(ctx, descr,
                                        _("extended attribute"), keybuf);
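Review bot: The `snprintf` call bounds the write with `XATTR_NAME_MAX` instead of the buffer's real size, and its return value is discarded. An over-long `prefix.name` is therefore truncated silently, and `xfs_scrub_check_name` inspects a string that is not the attribute's actual name. Tie the size to the array and detect truncation: `len = snprintf(keybuf, sizeof(keybuf), "%s.%s", attr_ns->name, ent->a_name);` followed by `if (len < 0 || (size_t)len >= sizeof(keybuf))`, with a warning or a skip of that entry. The `memset` earlier in the hunk can take `sizeof(keybuf)` as well, so the declaration and both uses cannot drift apart again. The loop and the function continue past the end of this hunk.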