On 31.08.2021 16:58, Alexey Kuznetsov wrote:
> Hello!
>
> On Tue, Aug 31, 2021 at 9:37 PM Pavel Tikhomirov
> <[email protected]> wrote:
>> Please take a look at OPT_SUBTYPE and OPT_SOURCE options, do we actually
>> need strncpy here?
>
> Formally, check if (param->size > FUSE_KIO_NAME) must be enough.
> But better be safe than sorry. In this particular context we have no idea
> that param->size is correlated to actual string length. You may believe
> the caller, I would not.
>
>> vfs_parse_fs_string with its kmemdup_nul already
>> puts null-terminated string in param.string, similarly null-terminated
>> string is provided by sys_fsconfig with strndup_user(_value, 256);
>
> Wrong! If you copy OPT_SUBTYPE or OPT_SOURCE
> to a buffer you use strncpy limited to sizeof of your local buffer
> no matter what is written on that fence :-)

Sure you are right, if we have
char kio_name[FUSE_KIO_NAME + 1];
and when we copy something to it we should limit strncpy with
FUSE_KIO_NAME size to be on the safe side.
So I just wanted to highlight that mainstream code relies on
param->string being a pointer to a null-terminated string and it can be
"stolen" like they do for OPT_SUBTYPE. So that we can do it too
(replacing kio_name buf with pointer and stuff...). But I don't insist.
Reviewed-by: Pavel Tikhomirov <[email protected]>
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
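
The two options weighed in this thread, as an added userspace model (not code from the patch or the kernel): a copy bounded by the destination buffer, and the pointer "steal" described for OPT_SUBTYPE. `struct demo_param`, the function names, the value of `FUSE_KIO_NAME` and the sample string are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define FUSE_KIO_NAME 31  /* assumed value; the real constant is not shown in the thread */

/* Hypothetical stand-in for the string/size fields of the kernel's fs_parameter. */
struct demo_param {
    char  *string;  /* expected to be NUL-terminated by the caller */
    size_t size;    /* length claimed by the caller */
};

/* Bounded copy: the limit is the destination size, not param->size. */
int copy_kio_name(char dst[FUSE_KIO_NAME + 1], const struct demo_param *p)
{
    if (!p->string || p->size > FUSE_KIO_NAME)
        return -EINVAL;
    strncpy(dst, p->string, FUSE_KIO_NAME);
    dst[FUSE_KIO_NAME] = '\0';  /* strncpy does not terminate on truncation */
    return 0;
}

/* Pointer "steal": take ownership of the string and clear it in the parameter. */
char *steal_kio_name(struct demo_param *p)
{
    char *name = p->string;
    p->string = NULL;
    return name;
}

/* Constructed input: the claimed size (4) is smaller than the real length (40). */
static char long_name[] = "0123456789012345678901234567890123456789";

int demo_lying_size(char dst[FUSE_KIO_NAME + 1])
{
    struct demo_param p = { long_name, 4 };
    return copy_kio_name(dst, &p);
}

int main(void)
{
    char buf[FUSE_KIO_NAME + 1];
    return demo_lying_size(buf);
}
```

With the size check alone, the constructed parameter above would pass and an unbounded copy would write 41 bytes into a 32-byte buffer; the bounded copy truncates instead.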