strncpy_from_user could return negative values on error,
so need to take those into account.
Since ll_getname is used to get a single component name from userspace
to transfer to server as-is, there's no need to allocate 4k buffer
as done by __getname. Allocate NAME_MAX+1 buffer instead to ensure
we have enough for a null terminated max valid length buffer.
Change-Id: I9ce50d33864c7efd6fd019b592199f4fcf75410c
Signed-off-by: Oleg Drokin <oleg.drokin@intel.com>
Reviewed-on: http://review.whamcloud.com/15089
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>
-static char *
-ll_getname(const char __user *filename)
+/* This function tries to get a single name component,
+ * to send to the server. No actual path traversal involved,
+ * so we limit to NAME_MAX */
+static char *ll_getname(const char __user *filename)
- char *tmp = __getname();
+ char *tmp;
+
+ OBD_ALLOC(tmp, NAME_MAX + 1);
if (!tmp)
return ERR_PTR(-ENOMEM);
if (!tmp)
return ERR_PTR(-ENOMEM);
- len = strncpy_from_user(tmp, filename, PATH_MAX);
- if (len == 0)
+ len = strncpy_from_user(tmp, filename, NAME_MAX + 1);
+ if (len < 0)
- else if (len > PATH_MAX)
+ else if (len > NAME_MAX)
ret = -ENAMETOOLONG;
if (ret) {
ret = -ENAMETOOLONG;
if (ret) {
+ OBD_FREE(tmp, NAME_MAX + 1);
tmp = ERR_PTR(ret);
}
return tmp;
}
tmp = ERR_PTR(ret);
}
return tmp;
}
-#define ll_putname(filename) __putname(filename)
+#define ll_putname(filename) OBD_FREE(filename, NAME_MAX + 1);
static long ll_dir_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
static long ll_dir_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{