From: Pali Rohár Date: Thu, 12 Sep 2024 12:05:44 +0000 (+0200) Subject: cifs: Put explicit zero byte into SFU block/char types X-Git-Tag: v6.12-rc1~139^2~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bb68327053a24734d5a146620f8a29219361dd3e;p=thirdparty%2Fkernel%2Fstable.git cifs: Put explicit zero byte into SFU block/char types SFU types IntxCHR and IntxBLK are 8 bytes with zero as last byte. Make it explicit in memcpy and memset calls, so the zero byte is visible in the code (and not hidden as string trailing nul byte). It is important for reader to show the last byte for block and char types because it differs from the last byte of symlink type (which has it 0x01). Also it is important to show that the type is not nul-term string, but rather 8 bytes (with some printable bytes). Signed-off-by: Pali Rohár Signed-off-by: Steve French --- diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c index e8567ed63f223..d8c39989840e2 100644 --- a/fs/smb/client/inode.c +++ b/fs/smb/client/inode.c @@ -586,7 +586,7 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path, rc = tcon->ses->server->ops->sync_read(xid, &fid, &io_parms, &bytes_read, &pbuf, &buf_type); if ((rc == 0) && (bytes_read >= 8)) { - if (memcmp("IntxBLK", pbuf, 8) == 0) { + if (memcmp("IntxBLK\0", pbuf, 8) == 0) { cifs_dbg(FYI, "Block device\n"); fattr->cf_mode |= S_IFBLK; fattr->cf_dtype = DT_BLK; @@ -598,7 +598,7 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path, mnr = le64_to_cpu(*(__le64 *)(pbuf+16)); fattr->cf_rdev = MKDEV(mjr, mnr); } - } else if (memcmp("IntxCHR", pbuf, 8) == 0) { + } else if (memcmp("IntxCHR\0", pbuf, 8) == 0) { cifs_dbg(FYI, "Char device\n"); fattr->cf_mode |= S_IFCHR; fattr->cf_dtype = DT_CHR; diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index 5f562d2126719..a5174bf41e514 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -5072,12 +5072,12 @@ static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, switch (mode & S_IFMT) { case S_IFCHR: - strscpy(pdev.type, "IntxCHR"); + memcpy(pdev.type, "IntxCHR\0", 8); pdev.major = cpu_to_le64(MAJOR(dev)); pdev.minor = cpu_to_le64(MINOR(dev)); break; case S_IFBLK: - strscpy(pdev.type, "IntxBLK"); + memcpy(pdev.type, "IntxBLK\0", 8); pdev.major = cpu_to_le64(MAJOR(dev)); pdev.minor = cpu_to_le64(MINOR(dev)); break;