From: NeilBrown <neilb@suse.de>
Date: Tue, 28 May 2024 23:11:36 +0000 (+1000)
Subject: NFS: abort nfs_atomic_open_v23 if name is too long.
X-Git-Tag: v6.10-rc4~27^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=296f4ce81d08e73c22408c49f4938a85bd075e5c;p=thirdparty%2Fkernel%2Flinux.git

NFS: abort nfs_atomic_open_v23 if name is too long.

An attempt to open a file with a name longer than NFS3_MAXNAMLEN will
trigger a WARN_ON_ONCE in encode_filename3() because
nfs_atomic_open_v23() doesn't have the test on ->d_name.len that
nfs_atomic_open() has.

So add that test.

Reported-by: James Clark <james.clark@arm.com>
Closes: https://lore.kernel.org/all/20240528105249.69200-1-james.clark@arm.com/
Fixes: 7c6c5249f061 ("NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly.")
Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 788077a4feb9a..2b68a14982c8f 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -2254,6 +2254,9 @@ int nfs_atomic_open_v23(struct inode *dir, struct dentry *dentry,
 	 */
 	int error = 0;
 
+	if (dentry->d_name.len > NFS_SERVER(dir)->namelen)
+		return -ENAMETOOLONG;
+
 	if (open_flags & O_CREAT) {
 		file->f_mode |= FMODE_CREATED;
 		error = nfs_do_create(dir, dentry, mode, open_flags);