[PATCH] uml: fix hostfs lookup

From: Miklos Szeredi
Date: Wed Aug 18 2010 - 09:34:14 EST


From: Miklos Szeredi <mszeredi@xxxxxxx>

commit e9193059 (hostfs: fix races in dentry_name() and inode_name())
broke hostfs lookup.

The cause of the bug is that strncpy() zero fills the whole buffer.

Replace strncpy() with memcpy() and replace open coded memory move
with memmove().

Reported-by: Jouni Malinen <jkmalinen@xxxxxxxxx>
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
---
fs/hostfs/hostfs_kern.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)

Index: linux-2.6/fs/hostfs/hostfs_kern.c
===================================================================
--- linux-2.6.orig/fs/hostfs/hostfs_kern.c 2010-08-18 14:53:22.000000000 +0200
+++ linux-2.6/fs/hostfs/hostfs_kern.c 2010-08-18 15:04:25.000000000 +0200
@@ -100,20 +100,12 @@ static char *__dentry_name(struct dentry

root = dentry->d_sb->s_fs_info;
len = strlen(root);
- if (IS_ERR(p)) {
+ if (IS_ERR(p) || len > p - name) {
__putname(name);
return NULL;
}
- strncpy(name, root, PATH_MAX);
- if (len > p - name) {
- __putname(name);
- return NULL;
- }
- if (p > name + len) {
- char *s = name + len;
- while ((*s++ = *p++) != '\0')
- ;
- }
+ memcpy(name, root, len);
+ memmove(name + len, p, PATH_MAX - (p - name) + 1);
return name;
}
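Review bot: the length in `memmove(name + len, p, PATH_MAX - (p - name) + 1)` looks one byte too long. Starting at p, that count makes the last byte read `name[PATH_MAX]`, and the removed `strncpy(name, root, PATH_MAX)` suggests name is only PATH_MAX bytes, so the move reads one byte past the buffer (and writes there too when `len == p - name`). If the path's terminator sits at `name[PATH_MAX - 1]`, drop the `+ 1`, or size the move as `strlen(p) + 1` so it does not depend on where the string ends. The new code also silently assumes the path was placed at the tail of the buffer, which the old NUL-terminated copy loop did not. A short comment stating that assumption above the memmove() would help the next reader.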
