diff options
| author | Zichen Xie <zichenxie0106@gmail.com> | 2024-12-18 00:13:12 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-02-21 14:01:26 +0100 |
| commit | dd8830779b77f4d1206d28d02ad56a03fc0e78f7 (patch) | |
| tree | a8b9f92ffcf49adef05bb1a5a24cb1eaaa95fd88 /fs | |
| parent | 758a5e1dc6db6d5ddf65d0b82b4caffc65efdb2a (diff) | |
| download | linux-dd8830779b77f4d1206d28d02ad56a03fc0e78f7.tar.gz linux-dd8830779b77f4d1206d28d02ad56a03fc0e78f7.tar.bz2 linux-dd8830779b77f4d1206d28d02ad56a03fc0e78f7.zip | |
NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
[ Upstream commit 49fd4e34751e90e6df009b70cd0659dc839e7ca8 ]
name is char[64] where the size of clnt->cl_program->name remains
unknown. Invoking strcat() directly will also lead to potential buffer
overflow. Change them to strscpy() and strncat() to fix potential
issues.
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/nfs/sysfs.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c index bf378ecd5d9f..7b59a40d40c0 100644 --- a/fs/nfs/sysfs.c +++ b/fs/nfs/sysfs.c @@ -280,9 +280,9 @@ void nfs_sysfs_link_rpc_client(struct nfs_server *server, char name[RPC_CLIENT_NAME_SIZE]; int ret; - strcpy(name, clnt->cl_program->name); - strcat(name, uniq ? uniq : ""); - strcat(name, "_client"); + strscpy(name, clnt->cl_program->name, sizeof(name)); + strncat(name, uniq ? uniq : "", sizeof(name) - strlen(name) - 1); + strncat(name, "_client", sizeof(name) - strlen(name) - 1); ret = sysfs_create_link_nowarn(&server->kobj, &clnt->cl_sysfs->kobject, name); |