On Thu, Apr 09, 2009 at 08:18:11PM +0900, Tetsuo Handa wrote:
> Since "struct file_system_type"->name does not limit the max length,
> one might pass a name with strlen(name) >= 80.
>
> 	while (tmp && len < PAGE_SIZE - 80) {
> 		len += sprintf(buf+len, "%s\t%s\n",
> 			(tmp->fs_flags & FS_REQUIRES_DEV) ? "" : "nodev",
> 			tmp->name);
>
> This can cause buffer overrun if somebody builds in very very long filesystem
> name (as shown in example code below); although unlikely happens, for
> get_filesystem_list() is called only once upon boot.

Doctor, it hurts when I do it...
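As an added example (not part of the original message or the kernel source), a userspace C model of the quoted loop: it measures whether the `len < PAGE_SIZE - 80` guard would still let `sprintf()` run past the page, and shows a variant that only emits an entry when it fits whole. `struct fs_type`, `entry_len`, `guard_allows_overrun`, `list_filesystems` and the 4096-byte page size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#undef PAGE_SIZE
#define PAGE_SIZE ((size_t)4096)   /* assumed page size for this model */
#define FS_REQUIRES_DEV 1          /* flag value used by this model */

struct fs_type {                   /* hypothetical stand-in for struct file_system_type */
    const char *name;
    int fs_flags;
    struct fs_type *next;
};

/* Bytes one "<nodev>\t<name>\n" entry needs, excluding the trailing NUL. */
static size_t entry_len(const struct fs_type *fs)
{
    return (size_t)snprintf(NULL, 0, "%s\t%s\n",
            (fs->fs_flags & FS_REQUIRES_DEV) ? "" : "nodev", fs->name);
}

/* 1 if the quoted guard passes at offset len yet the entry would end past the page. */
static int guard_allows_overrun(size_t len, const struct fs_type *fs)
{
    return len < PAGE_SIZE - 80 && len + entry_len(fs) + 1 > PAGE_SIZE;
}

/* Bounded variant: stop at the first entry that does not fit, NUL included. */
static size_t list_filesystems(const struct fs_type *fs, char *buf, size_t size)
{
    size_t len = 0;
    if (size == 0)
        return 0;
    buf[0] = '\0';
    for (; fs; fs = fs->next) {
        if (entry_len(fs) >= size - len)
            break;
        len += (size_t)snprintf(buf + len, size - len, "%s\t%s\n",
                (fs->fs_flags & FS_REQUIRES_DEV) ? "" : "nodev", fs->name);
    }
    return len;
}

int main(void)
{
    char page[4096];
    struct fs_type fs = { "ext3", FS_REQUIRES_DEV, NULL };  /* constructed sample */
    printf("%zu bytes\n%s", list_filesystems(&fs, page, sizeof page), page);
    return 0;
}
```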