On Tue, 2024-12-17 at 16:51 +0000, Trond Myklebust wrote: > On Wed, 2024-12-18 at 00:13 +0800, Gax-c wrote: > > From: Zichen Xie <zichenxie0106@xxxxxxxxx> > > > > name is char[64] where the size of clnt->cl_program->name remains > > unknown. Invoking strcat() directly will also lead to potential > > buffer > > overflow. Change them to strscpy() and strncat() to fix potential > > issues. > > What makes you think that clnt->cl_program->name is unknown? > > All calls to nfs_sysfs_link_rpc_client() use well known RPC clients > for > which the cl_program is pointing to one of nlm_program, nfs_program > or > nfsacl_program. So we know very well the sizes of clnt->cl_program- > > name. Just to clarify: I'm not strongly against the patch itself. However it would seem premature to consider this a bug, let alone a stable fix candidate. Has anyone ever seen a buffer overflow here? If so, under which circumstances? -- Trond Myklebust Linux NFS client maintainer, Hammerspace trond.myklebust@xxxxxxxxxxxxxxx
