Re: [PATCH] bs_sheepdog.c: ensure that vdi names and tag names are null-terminated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon,  9 Dec 2013 14:00:41 +0900
Ryusuke Konishi <konishi.ryusuke@xxxxxxxxxxxxx> wrote:

> In the current sheepdog driver, tag names and vdi names are truncated
> to 256 bytes if they are longer than the size.
> 
> The request data will not be null-terminated if those names are
> truncated to the maximum byte size.
> 
> This implementation causes the following two issues with sheepdog:
> 
>  1) Since CLI of sheepdog (i.e. dog command) truncates tag names and
>     vdi names to 255 bytes to ensure that string buffers are
>     null-terminated, vdi lookup function of sheep daemon can fail for
>     long vdi names or long tag names due to this difference of buffer
>     termination.
> 
>  2) The absence of a null byte causes potential buffer overrun issue
>     with the sheep daemon even though we are trying to fix this sort
>     of dangerous implementation.
> 
> This patch ensures that tag names and vdi names set to the request
> buffer are both null terminated and fixes these issues.
> 
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxxxxxx>
> Cc: Hitoshi Mitake <mitake.hitoshi@xxxxxxxxxxxxx>
> ---
>  usr/bs_sheepdog.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux SCSI]     [Linux RAID]     [Linux Clusters]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]

  Powered by Linux