This fixes buffer overflows in create_mddev(). It prohibits
creation with not supported names for DDF and native. For IMSM,
mdadm will do silent cut to 16 later.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@xxxxxxxxxxxxxxx>
Signed-off-by: Blazej Kucman <blazej.kucman@xxxxxxxxx>
---
mdadm.8.in | 5 +++++
mdadm.c | 9 ++++++++-
mdadm.h | 5 +++++
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/mdadm.8.in b/mdadm.8.in
index 28d773c2..68e100cb 100644
--- a/mdadm.8.in
+++ b/mdadm.8.in
@@ -2186,6 +2186,11 @@ is run, but will be created by
.I udev
once the array becomes active.
+The max length md-device name is limited to 32 characters.
+Different metadata types have more strict limitation
+(like IMSM where only 16 characters are allowed).
+For that reason, long name could be truncated or rejected, it depends on metadata policy.
+
As devices are added, they are checked to see if they contain RAID
superblocks or filesystems. They are also checked to see if the variance in
device size exceeds 1%.
diff --git a/mdadm.c b/mdadm.c
index 91e67467..26299b2e 100644
--- a/mdadm.c
+++ b/mdadm.c
@@ -1359,9 +1359,16 @@ int main(int argc, char *argv[])
mdfd = open_mddev(devlist->devname, 1);
if (mdfd < 0)
exit(1);
- } else
+ } else {
+ char *bname = basename(devlist->devname);
+
+ if (strlen(bname) > MD_NAME_MAX) {
+ pr_err("Name %s is too long.\n", devlist->devname);
+ exit(1);
+ }
/* non-existent device is OK */
mdfd = open_mddev(devlist->devname, 0);
+ }
if (mdfd == -2) {
pr_err("device %s exists but is not an md array.\n", devlist->devname);
exit(1);
diff --git a/mdadm.h b/mdadm.h
index 54567396..c7268a71 100644
--- a/mdadm.h
+++ b/mdadm.h
@@ -1880,3 +1880,8 @@ enum r0layout {
#define INVALID_SECTORS 1
/* And another special number needed for --data_offset=variable */
#define VARIABLE_OFFSET 3
+
+/**
+ * This is true for native and DDF, IMSM allows 16.
+ */
+#define MD_NAME_MAX 32
--
2.26.2
