Pandora Sourcecodes - pandora-kernel.git/commit

author	Chuck Lever <chuck.lever@oracle.com>
	Thu, 23 Apr 2009 23:32:25 +0000 (19:32 -0400)
committer	J. Bruce Fields <bfields@citi.umich.edu>
	Tue, 28 Apr 2009 17:54:28 +0000 (13:54 -0400)
commit	335c54bdc4d3bacdbd619ec95cd0b352435bd37f
tree	922de1595031ab24a31ba263c1f07bf876797b05	tree \| snapshot
parent	ea068bad27cefc71ab03230dbf01a8f8d98da5ba	commit \| diff

NFSD: Prevent a buffer overflow in svc_xprt_names()

The svc_xprt_names() function can overflow its buffer if it's so near
the end of the passed in buffer that the "name too long" string still
doesn't fit. Of course, it could never tell if it was near the end
of the passed in buffer, since its only caller passes in zero as the
buffer length.

Let's make this API a little safer.

Change svc_xprt_names() so it *always* checks for a buffer overflow,
and change its only caller to pass in the correct buffer length.

If svc_xprt_names() does overflow its buffer, it now fails with an
ENAMETOOLONG errno, instead of trying to write a message at the end
of the buffer. I don't like this much, but I can't figure out a clean
way that's always safe to return some of the names, *and* an
indication that the buffer was not long enough.

The displayed error when doing a 'cat /proc/fs/nfsd/portlist' is
"File name too long".

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

fs/nfsd/nfsctl.c		diff \| blob \| history
include/linux/sunrpc/svc_xprt.h		diff \| blob \| history
net/sunrpc/svc_xprt.c		diff \| blob \| history