Hello,

(Corrected indentation and code formatting, and re-posting this patch.)

Devices with names larger than 31 bytes will overflow the sys_name array. This patch enables mdadm to fail and log a message if a long device name is going to cause a buffer overflow.

Signed-off-by: Nikhil Kshirsagar <nkshirsa@xxxxxxxxxx>
>From 8198c463c3199c8207dd16cefac23197b16d8a09 Mon Sep 17 00:00:00 2001 From: Nikhil Kshirsagar <nkshirsa@xxxxxxxxxx> Date: Thu, 16 Jun 2016 09:25:07 +0530 Subject: [PATCH] Protecting overflow of sys_name. If a long device name is going to cause a buffer overflow, we fail with a log message. --- sysfs.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sysfs.c b/sysfs.c index 8379ca8..d346fe9 100644 --- a/sysfs.c +++ b/sysfs.c @@ -283,6 +283,13 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options) } } + + /* strlen computes length of string *not* including the terminating null character. */ + if (strlen(de->d_name) >= sizeof(dev->sys_name)) { + pr_err("Device name %s larger than currently supported by mdadm\n",de->d_name); + free(dev); + goto abort; + } strcpy(dev->sys_name, de->d_name); dev->disk.raid_disk = strtoul(buf, &ep, 10); if (*ep) dev->disk.raid_disk = -1; -- 1.8.3.1
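Review bot: the pr_err() call in the added check is missing a space after the comma (`\n",de->d_name`), and its message does not say what the limit is; printing `sizeof(dev->sys_name) - 1` next to the name would tell the user how long a name is accepted. The comment above the `if` explains strlen() in general rather than why `>=` is used here; a wording such as "sys_name must also hold the terminating NUL" states the reason directly. The comparison against `sizeof(dev->sys_name)` is the right guard for the strcpy() that follows, and using sizeof instead of a hard-coded 31 keeps it correct if the array size changes. One question on `goto abort`: this fails the whole sysfs_read() call because of a single over-long entry name, so please confirm in the commit message that aborting, rather than skipping that one device, is the intended behaviour.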