On Mon, 9 Dec 2013 14:00:41 +0900 Ryusuke Konishi <konishi.ryusuke@xxxxxxxxxxxxx> wrote: > In the current sheepdog driver, tag names and vdi names are truncated > to 256 bytes if they are longer than the size. > > The request data will not be null-terminated if those names are > truncated to the maximum byte size. > > This implementation causes the following two issues with sheepdog: > > 1) Since CLI of sheepdog (i.e. dog command) truncates tag names and > vdi names to 255 bytes to ensure that string buffers are > null-terminated, vdi lookup function of sheep daemon can fail for > long vdi names or long tag names due to this difference of buffer > termination. > > 2) The absence of a null byte causes potential buffer overrun issue > with the sheep daemon even though we are trying to fix this sort > of dangerous implementation. > > This patch ensures that tag names and vdi names set to the request > buffer are both null terminated and fixes these issues. > > Signed-off-by: Ryusuke Konishi <konishi.ryusuke@xxxxxxxxxxxxx> > Cc: Hitoshi Mitake <mitake.hitoshi@xxxxxxxxxxxxx> > --- > usr/bs_sheepdog.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe stgt" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
