mmp: don't assume NUL termination for MMP strings

Don't assume that mmp_nodename and mmp_bdevname are NUL terminated,
since very long node/device names may completely fill the buffers.

Limit string printing to the maximum buffer size for safety, and
change the field definitions to __u8 to make it more clear that
they are not NUL-terminated strings, as is done with other strings
in the superblock that do not have NUL termination.

Signed-off-by: Andreas Dilger <adilger@dilger.ca>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
index 15b01214a8df28a26955d50f7771ec4a9cae20d0..23bc3c3c9768b806da663201cfde7dbc0606070b 100644 (file)
--- a/debugfs/debugfs.c
+++ b/debugfs/debugfs.c
@@ -2446,8 +2446,10 @@ void do_dump_mmp(int argc EXT2FS_ATTR((unused)), char *argv[],
        fprintf(stdout, "check_interval: %d\n", mmp_s->mmp_check_interval);
        fprintf(stdout, "sequence: %08x\n", mmp_s->mmp_seq);
        fprintf(stdout, "time: %lld -- %s", mmp_s->mmp_time, ctime(&t));
-       fprintf(stdout, "node_name: %s\n", mmp_s->mmp_nodename);
-       fprintf(stdout, "device_name: %s\n", mmp_s->mmp_bdevname);
+       fprintf(stdout, "node_name: %.*s\n",
+               (int)sizeof(mmp_s->mmp_nodename), (char *)mmp_s->mmp_nodename);
+       fprintf(stdout, "device_name: %.*s\n",
+               (int)sizeof(mmp_s->mmp_bdevname), (char *)mmp_s->mmp_bdevname);
        fprintf(stdout, "magic: 0x%x\n", mmp_s->mmp_magic);
        fprintf(stdout, "checksum: 0x%08x\n", mmp_s->mmp_checksum);
 }

diff --git a/e2fsck/util.c b/e2fsck/util.c
index db6a1cc11a23c309bd71427d870720eaf8491014..07885ab09a0a0e34af232e62522bc207897494fc 100644 (file)
--- a/e2fsck/util.c
+++ b/e2fsck/util.c
@@ -777,8 +777,12 @@ void dump_mmp_msg(struct mmp_struct *mmp, const char *fmt, ...)
                printf("    mmp_sequence: %08x\n", mmp->mmp_seq);
                printf("    mmp_update_date: %s", ctime(&t));
                printf("    mmp_update_time: %lld\n", mmp->mmp_time);
-               printf("    mmp_node_name: %s\n", mmp->mmp_nodename);
-               printf("    mmp_device_name: %s\n", mmp->mmp_bdevname);
+               printf("    mmp_node_name: %.*s\n",
+                      (int)sizeof(mmp->mmp_nodename),
+                      (char *)mmp->mmp_nodename);
+               printf("    mmp_device_name: %.*s\n",
+                      (int)sizeof(mmp->mmp_bdevname),
+                      (char *)mmp->mmp_bdevname);
        }
 }
 

diff --git a/lib/ext2fs/ext2_fs.h b/lib/ext2fs/ext2_fs.h
index febcb476a996b497dea0122aa26a055d6e3cce31..67c44e9dcd6efbc8391c9af4be92ff1a2771945a 100644 (file)
--- a/lib/ext2fs/ext2_fs.h
+++ b/lib/ext2fs/ext2_fs.h
@@ -1096,9 +1096,9 @@ struct ext2_dir_entry_tail {
 struct mmp_struct {
        __u32   mmp_magic;              /* Magic number for MMP */
        __u32   mmp_seq;                /* Sequence no. updated periodically */
-       __u64   mmp_time;               /* Time last updated */
-       char    mmp_nodename[64];       /* Node which last updated MMP block */
-       char    mmp_bdevname[32];       /* Bdev which last updated MMP block */
+       __u64   mmp_time;               /* Time last updated (seconds) */
+       __u8    mmp_nodename[64];       /* Node updating MMP block, no NUL? */
+       __u8    mmp_bdevname[32];       /* Bdev updating MMP block, no NUL? */
        __u16   mmp_check_interval;     /* Changed mmp_check_interval */
        __u16   mmp_pad1;
        __u32   mmp_pad2[226];

diff --git a/misc/dumpe2fs.c b/misc/dumpe2fs.c
index 384ce925378e6a47c306bbb4461f6405da5b4e58..403cd4f6fb6ba1a7ec0d9d31d921624776a3f294 100644 (file)
--- a/misc/dumpe2fs.c
+++ b/misc/dumpe2fs.c
@@ -439,8 +439,12 @@ static int check_mmp(ext2_filsys fs)
                                time_t mmp_time = mmp->mmp_time;
 
                                fprintf(stderr,
-                                       "%s: MMP last updated by '%s' on %s",
-                                       program_name, mmp->mmp_nodename,
+                                       "%s: MMP update by '%.*s%.*s' at %s",
+                                       program_name,
+                                       (int)sizeof(mmp->mmp_nodename),
+                                       (char *)mmp->mmp_nodename,
+                                       (int)sizeof(mmp->mmp_bdevname),
+                                       (char *)mmp->mmp_bdevname,
                                        ctime(&mmp_time));
                        }
                        retval = 1;
@@ -489,8 +493,10 @@ static void print_mmp_block(ext2_filsys fs)
        printf("    mmp_sequence: %#08x\n", mmp->mmp_seq);
        printf("    mmp_update_date: %s", ctime(&mmp_time));
        printf("    mmp_update_time: %lld\n", mmp->mmp_time);
-       printf("    mmp_node_name: %s\n", mmp->mmp_nodename);
-       printf("    mmp_device_name: %s\n", mmp->mmp_bdevname);
+       printf("    mmp_node_name: %.*s\n",
+              (int)sizeof(mmp->mmp_nodename), (char *)mmp->mmp_nodename);
+       printf("    mmp_device_name: %.*s\n",
+              (int)sizeof(mmp->mmp_bdevname), (char *)mmp->mmp_bdevname);
 }
 
 static void parse_extended_opts(const char *opts, blk64_t *superblock,

diff --git a/misc/util.c b/misc/util.c
index 77991589376a09acc1dd2a5e2d28f192e9fae10b..6239b360daff7b33ff4d523502495babf6d0e326 100644 (file)
--- a/misc/util.c
+++ b/misc/util.c
@@ -288,7 +288,10 @@ void dump_mmp_msg(struct mmp_struct *mmp, const char *msg)
        if (mmp) {
                time_t t = mmp->mmp_time;
 
-               printf("MMP error info: last update: %s node: %s device: %s\n",
-                      ctime(&t), mmp->mmp_nodename, mmp->mmp_bdevname);
+               printf("MMP error info: node: %.*s, device: %.*s, updated: %s",
+                      (int)sizeof(mmp->mmp_nodename),
+                      (char *)mmp->mmp_nodename,
+                      (int)sizeof(mmp->mmp_bdevname),
+                      (char *)mmp->mmp_bdevname, ctime(&t));
        }
 }

diff --git a/tests/filter.sed b/tests/filter.sed
index f37986ce1a1efde3fdb5976960322a60a4c3c157..796186e751763ceb9fc920effb3da5e2b3573385 100644 (file)
--- a/tests/filter.sed
+++ b/tests/filter.sed
@@ -37,3 +37,4 @@ s/mmp_node_name: .*/mmp_node_name: test_node/
 s/mmp_update_date: .*/mmp_update_date: test date/
 s/mmp_update_time: .*/mmp_update_time: test_time/
 s/MMP last updated by '.*' on .*/MMP last updated by 'test_node' on test date/
+s/MMP update by '.*' at .*/MMP last updated by 'test_node' on test date/