On Mon, Jun 26, 2017 at 15:51, Konstantin Khorenko wrote:
> strsep() changes provided string: puts '\0' instead of separators,
> thus after successful call to ve_devmnt_check() we insert
> only first provided mount options, ignoring others.
>
> Fixes: bc4143b ("ve/fs/devmnt: process mount options")
>
> Found during implementation of
> https://jira.sw.ru/browse/PSBM-40075
>
> Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
Reviewed-by: Kirill Tkhai <ktk...@virtuozzo.com>
> ---
> fs/namespace.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 7aed8f5..f2d1f84 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -1899,6 +1899,7 @@ static char *strstr_separated(char *haystack, char
> *needle, char sep)
> static int ve_devmnt_check(char *options, char *allowed)
> {
> char *p;
> + char *tmp_options;
>
> if (!options || !*options)
> return 0;
> @@ -1906,14 +1907,22 @@ static int ve_devmnt_check(char *options, char
> *allowed)
> if (!allowed)
> return -EPERM;
>
> - while ((p = strsep(&options, ",")) != NULL) {
> + /* strsep() changes provided string: puts '\0' instead of separators */
> + tmp_options = kstrdup(options, GFP_KERNEL);
> + if (!tmp_options)
> + return -ENOMEM;
> +
> + while ((p = strsep(&tmp_options, ",")) != NULL) {
> if (!*p)
> continue;
>
> - if (!strstr_separated(allowed, p, ','))
> + if (!strstr_separated(allowed, p, ',')) {
> + kfree(tmp_options);
> return -EPERM;
> + }
> }
>
> + kfree(tmp_options);
> return 0;
> }
>
> --
> 1.8.3.1
>
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
