strsep() changes provided string: puts '\0' instead of separators,
thus after successful call to ve_devmnt_check() we insert
only first provided mount options, ignoring others.
Fixes: bc4143b ("ve/fs/devmnt: process mount options")
Found during implementation of
https://jira.sw.ru/browse/PSBM-40075
Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
---
fs/namespace.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 7aed8f5..f2d1f84 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1899,6 +1899,7 @@ static char *strstr_separated(char *haystack, char
*needle, char sep)
static int ve_devmnt_check(char *options, char *allowed)
{
char *p;
+ char *tmp_options;
if (!options || !*options)
return 0;
@@ -1906,14 +1907,22 @@ static int ve_devmnt_check(char *options, char *allowed)
if (!allowed)
return -EPERM;
- while ((p = strsep(&options, ",")) != NULL) {
+ /* strsep() changes provided string: puts '\0' instead of separators */
+ tmp_options = kstrdup(options, GFP_KERNEL);
+ if (!tmp_options)
+ return -ENOMEM;
+
+ while ((p = strsep(&tmp_options, ",")) != NULL) {
if (!*p)
continue;
- if (!strstr_separated(allowed, p, ','))
+ if (!strstr_separated(allowed, p, ',')) {
+ kfree(tmp_options);
return -EPERM;
+ }
}
+ kfree(tmp_options);
return 0;
}
--
1.8.3.1
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
