http://oss.sgi.com/bugzilla/show_bug.cgi?id=526
Summary: dm_path_to_handle doesn't work if path is longer than
2000 characters
Product: Linux XFS
Version: Current
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: dmapi
AssignedTo: xfs-master@xxxxxxxxxxx
ReportedBy: kjamieson@xxxxxxxxxx
If dm_path_to_handle is called with a path that is longer than 2000 characters
the behaviour will be undefined since dm_path_to_hdl copies only the first 2001
characters of the path into "name" and does not ensure that "name" is
NUL-terminated before calling path_lookup.
The below patch should fix this, as well as returning ENOENT if the path is an
empty string. (Changing this code to use getname() would of course also address
this bug, but that might be a more involved change.)
--- sgi-linux-2.6-xfs/fs/dmapi/dmapi_register.bak.c 2005-05-17
19:02:58.000000000 -0700
+++ sgi-linux-2.6-xfs/fs/dmapi/dmapi_register.c 2006-02-24 22:59:12.000000000
-0800
@@ -869,7 +869,12 @@
struct filesystem_dmapi_operations *dops;
/* XXX get things straightened out so getname() works here? */
- len = strnlen_user(path, 2000);
+ if (!(len = strnlen_user(path, PATH_MAX)))
+ return(-EFAULT);
+ if (len == 1)
+ return(-ENOENT);
+ if (len > PATH_MAX)
+ return(-ENAMETOOLONG);
name = kmalloc(len, GFP_KERNEL);
if (name == NULL) {
printk("%s/%d: kmalloc returned NULL\n", __FUNCTION__,
__LINE__);
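Review bot: the new checks at the top of this hunk bound len, but nothing visible here guarantees that "name" ends in NUL once it has been filled from user memory. The length is measured by strnlen_user() on the user buffer, and that buffer can change between the measurement and the later copy, which this hunk does not show. If the copy takes len bytes from path, set name[len - 1] = '\0' after it so path_lookup always sees a terminated string, or move to getname() as the XXX comment suggests. Stylistically, splitting the assignment out of the condition (len = strnlen_user(path, PATH_MAX); if (len == 0) ...) and writing return -EFAULT; without parentheses would be easier to read.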
@@ -940,7 +945,12 @@
struct filesystem_dmapi_operations *dops;
/* XXX get things straightened out so getname() works here? */
- len = strnlen_user(path, 2000);
+ if(!(len = strnlen_user(path, PATH_MAX)))
+ return(-EFAULT);
+ if (len == 1)
+ return(-ENOENT);
+ if (len > PATH_MAX)
+ return(-ENAMETOOLONG);
name = kmalloc(len, GFP_KERNEL);
if (name == NULL) {
printk("%s/%d: kmalloc returned NULL\n", __FUNCTION__,
__LINE__);
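Review bot: the six added lines in this hunk repeat the previous hunk's block exactly, apart from the missing space in "if(!(len = ...", so the two call sites can drift apart on the next change. Consider one small helper that takes path, returns the validated length or a negative errno, and is called from both functions. A short comment noting that strnlen_user() counts the terminating NUL would also explain why len == 1 means an empty path and why len > PATH_MAX is the too-long case. The spacing after "if" should match the first hunk.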