[PATCHv2 1/2] cld: fix CLD_INODE_NAME_MAX woes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



v2: one part of this patch was originally accidentally mixed into patch 2

When we create a static buffer for an inode name, and treat it like a
null-terminated string, it needs to be of length CLD_INODE_NAME_MAX + 1 so
that it can hold the NULL-terminator.

In cldc_del and cldc_open, we should check that the user-submitted inode name
is less than or equal to CLD_INODE_NAME_MAX. Formerly we were just checking
that it wasn't too big to fit in the packet.

When copying the inode name out of struct cld_dirent_cur, use snprintf rather
than strcpy to ensure that we never overflow the buffer. This isn't strictly
necessary if all other checks are working perfectly, but it seems prudent.

Signed-off-by: Colin McCabe <cmccabe@xxxxxxxxxxxxxx>
---
 include/cldc.h |    2 +-
 lib/cldc.c     |    4 ++--
 tools/cldcli.c |    1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/cldc.h b/include/cldc.h
index f1db7d2..0d72669 100644
--- a/include/cldc.h
+++ b/include/cldc.h
@@ -41,7 +41,7 @@ struct cldc_call_opts {
 			struct cld_msg_get_resp resp;
 			const char *buf;
 			unsigned int size;
-			char inode_name[CLD_INODE_NAME_MAX];
+			char inode_name[CLD_INODE_NAME_MAX + 1];
 		} get;
 	} u;
 };
diff --git a/lib/cldc.c b/lib/cldc.c
index 3dc565c..dcc179c 100644
--- a/lib/cldc.c
+++ b/lib/cldc.c
@@ -903,7 +903,7 @@ int cldc_del(struct cldc_session *sess, const struct cldc_call_opts *copts,
 		return -EINVAL;
 
 	plen = strlen(pathname);
-	if (plen > 65530)
+	if (plen > CLD_INODE_NAME_MAX)
 		return -EINVAL;
 
 	/* create DEL message */
@@ -974,7 +974,7 @@ int cldc_open(struct cldc_session *sess,
 		return -EINVAL;
 
 	plen = strlen(pathname);
-	if (plen > 65530)
+	if (plen > CLD_INODE_NAME_MAX)
 		return -EINVAL;
 
 	/* create OPEN message */
diff --git a/tools/cldcli.c b/tools/cldcli.c
index c274e61..acf45d7 100644
--- a/tools/cldcli.c
+++ b/tools/cldcli.c
@@ -254,6 +254,7 @@ static int cb_ls_2(struct cldc_call_opts *copts_in, enum cle_err_codes errc)
 
 		s = cldc_dirent_name(&dc);
 		strcpy(lsr.name, s);
+		snprintf(lsr.name, CLD_INODE_NAME_MAX + 1, s);
 		free(s);
 
 		write_from_thread(&lsr, sizeof(lsr));
-- 
1.6.2.5

--
To unsubscribe from this list: send the line "unsubscribe hail-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Fedora Clound]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux