On Sun, 2009-10-04 at 14:25 +0100, Ben Hutchings wrote: > As seen in <http://bugs.debian.org/549002>, nfs4_init_client() can > overrun the source string when copying the client IP address from > nfs_parsed_mount_data::client_address to nfs_client::cl_ipaddr. Since > these are both treated as null-terminated strings elsewhere, the copy > should be done with strlcpy() not memcpy(). > > Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> > --- > diff --git a/fs/nfs/client.c b/fs/nfs/client.c > index 75c9cd2..f525a2f 100644 > --- a/fs/nfs/client.c > +++ b/fs/nfs/client.c > @@ -1073,7 +1073,7 @@ static int nfs4_init_client(struct nfs_client *clp, > 1, flags & NFS_MOUNT_NORESVPORT); > if (error < 0) > goto error; > - memcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr)); > + strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr)); > > error = nfs_idmap_new(clp); > if (error < 0) { It looks good, so I'll push it upstream. I assume the bug report also applies to stable@xxxxxxxxxx? Thanks! Trond -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
