On Mon, 2013-04-01 at 14:29 -0700, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > The patch below does not apply to the 3.4-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <stable@xxxxxxxxxxxxxxx>. > > thanks, > > greg k-h > > ------------------ original commit in Linus's tree ------------------ > > >From cf4ab538f1516606d3ae730dce15d6f33d96b7e1 Mon Sep 17 00:00:00 2001 > From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx> > Date: Fri, 8 Mar 2013 12:56:37 -0500 > Subject: [PATCH] NFSv4: Fix the string length returned by the idmapper > > Functions like nfs_map_uid_to_name() and nfs_map_gid_to_group() are > expected to return a string without any terminating NUL character. > Regression introduced by commit 57e62324e469e092ecc6c94a7a86fe4bd6ac5172 > (NFS: Store the legacy idmapper result in the keyring). > > Reported-by: Dave Chiluk <dave.chiluk@xxxxxxxxxxxxx> > Signed-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx> > Cc: Bryan Schumaker <bjschuma@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx [>=3.4] > > diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c > index dc0f98d..c516da5 100644 > --- a/fs/nfs/idmap.c > +++ b/fs/nfs/idmap.c > @@ -726,9 +726,9 @@ out1: > return ret; > } > > -static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data) > +static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data, size_t datalen) > { > - return key_instantiate_and_link(key, data, strlen(data) + 1, > + return key_instantiate_and_link(key, data, datalen, > id_resolver_cache->thread_keyring, > authkey); > } > @@ -738,6 +738,7 @@ static int nfs_idmap_read_and_verify_message(struct idmap_msg *im, > struct key *key, struct key *authkey) > { > char id_str[NFS_UINT_MAXLEN]; > + size_t len; > int ret = -ENOKEY; > > /* ret = -ENOKEY */ 
> @@ -747,13 +748,15 @@ static int nfs_idmap_read_and_verify_message(struct idmap_msg *im, > case IDMAP_CONV_NAMETOID: > if (strcmp(upcall->im_name, im->im_name) != 0) > break; > - sprintf(id_str, "%d", im->im_id); > - ret = nfs_idmap_instantiate(key, authkey, id_str); > + /* Note: here we store the NUL terminator too */ > + len = sprintf(id_str, "%d", im->im_id) + 1; > + ret = nfs_idmap_instantiate(key, authkey, id_str, len); > break; > case IDMAP_CONV_IDTONAME: > if (upcall->im_id != im->im_id) > break; > - ret = nfs_idmap_instantiate(key, authkey, im->im_name); > + len = strlen(im->im_name); > + ret = nfs_idmap_instantiate(key, authkey, im->im_name, len); > break; > default: > ret = -EINVAL; >

Hi Greg,

There is a dependency on commit 0cac12023 (NFSv4: Ensure that idmap_pipe_downcall sanity-checks the downcall data) that I did not notice. Should I resubmit the patch with an appropriate

Cc: <stable@xxxxxxxxxxxxxxx> # 3.4.x: 0cac12023: NFSv4: Ensure that idmap_pipe_downcall

in the signed-off area?

Thanks,
Trond

--
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
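Review bot: In the first hunk (nfs_idmap_instantiate), the new datalen parameter is passed straight to key_instantiate_and_link() with no statement of whether it counts the terminating NUL, and the two callers in this patch use opposite conventions (the NAMETOID path adds 1, the IDTONAME path does not). A short comment above nfs_idmap_instantiate() saying that datalen is the exact payload length stored in the key, and that the caller decides whether the terminator is included, would keep a later caller from reintroducing the off-by-one that this patch fixes. Since the function only forwards data, the parameter could also be const char *.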
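Review bot: In the IDMAP_CONV_NAMETOID branch of the last hunk, sprintf() writes into id_str[NFS_UINT_MAXLEN] without a bound and its int return value is assigned to a size_t after adding 1; snprintf(id_str, sizeof(id_str), ...) would bound the write and keep len within the buffer. If im_id is an unsigned id, "%d" also prints large values with a leading minus sign, which needs one more byte than "%u" would. In the IDMAP_CONV_IDTONAME branch, strlen(im->im_name) relies on the downcall data being NUL-terminated, which nothing in this patch checks. That matches the dependency on the downcall sanity-check commit mentioned in the reply, so a stable backport should either carry that commit as well or bound the length with strnlen() over the size of im_name.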