On Wed, Nov 14, 2018 at 11:35:24AM +0000, fdman...@kernel.org wrote: > From: Filipe Manana <fdman...@suse.com> > > We were using the path name received from user space without checking that > it is null terminated. While btrfs-progs is well behaved and does proper > validation and null termination, someone could call the ioctl and pass > a non-null terminated patch, leading to buffer overrun problems in the > kernel. > > So just set the last byte of the path to a null character, similar to what > we do in other ioctls (add/remove/resize device, snapshot creation, etc). > > Signed-off-by: Filipe Manana <fdman...@suse.com>
Good catch, thanks Reviewed-by: David Sterba <dste...@suse.com>
