thr3ads.net - Btrfs devel - [btrfs-devel][patch]use strnlen to deal with string from user space [Sep 2007]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Yan Zheng

2007-Sep-20 07:46 UTC

[btrfs-devel][patch]use strnlen to deal with string from user space

Hello

I think strlen is unsafe here

Regards
YZ

diff -r 24c661119092 inode.c
--- a/inode.c	Mon Sep 17 11:25:58 2007 -0400
+++ b/inode.c	Thu Sep 20 22:25:34 2007 +0800
@@ -1985,7 +1988,7 @@ static int btrfs_ioctl_snap_create(struc
 	if (copy_from_user(&vol_args, arg, sizeof(vol_args)))
 		return -EFAULT;
 	
-	namelen = strlen(vol_args.name);
+	namelen = strnlen(vol_args.name, BTRFS_VOL_NAME_MAX + 1);
 	if (namelen > BTRFS_VOL_NAME_MAX)
 		return -EINVAL;
 	if (strchr(vol_args.name, '/'))

Apparently Analagous Threads

[Patch] Btrfs: use BTRFS_VOL_NAME_MAX for struct btrfs_ioctl_vol_args
[PATCH] Null terminate strings passed in from userspace
[PATCH 001/001] btrfs: Mechanism to modify the permission of a subvolume
[PATCH 0/5] asynchronous commit, snapshot ponies
[PATCH]Add rollback support for the converter

Search for more maybe matching threads

Btrfs devel - Sep 2007 - [patch]use strnlen to deal with string from user space

[btrfs-devel][patch]use strnlen to deal with string from user space

Apparently Analagous Threads

Wisdom of the Ancients