From: J. Bruce Fields <bfields@fieldses.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] Re: [PATCH 1/2] NLM failover unlock commands
Date: Tue, 22 Jan 2008 17:53:12 -0500 [thread overview]
Message-ID: <20080122225312.GO24697@fieldses.org> (raw)
In-Reply-To: <18315.61638.14133.308991@notabene.brown>
On Tue, Jan 15, 2008 at 10:31:18AM +1100, Neil Brown wrote:
> On Monday January 14, bfields at fieldses.org wrote:
> > >
> > > +static ssize_t failover_unlock_ip(struct file *file, char *buf, size_t size)
> > > +{
> > > + __be32 server_ip;
> > > + char *fo_path;
> > > + char *mesg;
> > > +
> > > + /* sanity check */
> > > + if (size <= 0)
> > > + return -EINVAL;
> >
> > Not only is size never negative, it's actually an unsigned type here, so
> > this is a no-op.
>
> No, It it equivalent to
> if (size == 0)
>
> which alternative is clearer and more maintainable is debatable.
>
> >
> > > +
> > > + if (buf[size-1] == '\n')
> > > + buf[size-1] = 0;
> >
> > The other write methods in this file actually just do
> >
> > if (buf[size-1] != '\n')
> > return -EINVAL;
>
> and those which don't check for size == 0 are underflowing an array.
> That should probably be fixed.
?
--b.
commit 6685389d610950126f700d25f3d010c7049441c3
Author: J. Bruce Fields <bfields@citi.umich.edu>
Date: Tue Jan 22 17:40:42 2008 -0500
nfsd: more careful input validation in nfsctl write methods
Neil Brown points out that we're checking buf[size-1] in a couple places
without first checking whether size is zero.
Actually, given the implementation of simple_transaction_get(), buf[-1]
is zero, so in both of these cases the subsequent check of the value of
buf[size-1] will catch this case.
But it seems fragile to depend on that, so add explicit checks for this
case.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Neil Brown <neilb@suse.de>
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 61015cf..9ed2a2b 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -304,6 +304,9 @@ static ssize_t write_filehandle(struct file *file, char *buf, size_t size)
struct auth_domain *dom;
struct knfsd_fh fh;
+ if (size == 0)
+ return -EINVAL;
+
if (buf[size-1] != '\n')
return -EINVAL;
buf[size-1] = 0;
@@ -663,7 +666,7 @@ static ssize_t write_recoverydir(struct file *file, char *buf, size_t size)
char *recdir;
int len, status;
- if (size > PATH_MAX || buf[size-1] != '\n')
+ if (size == 0 || size > PATH_MAX || buf[size-1] != '\n')
return -EINVAL;
buf[size-1] = 0;
WARNING: multiple messages have this Message-ID (diff)
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Neil Brown <neilb@suse.de>
Cc: Wendy Cheng <wcheng@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
NFS list <linux-nfs@vger.kernel.org>,
cluster-devel@redhat.com
Subject: Re: [PATCH 1/2] NLM failover unlock commands
Date: Tue, 22 Jan 2008 17:53:12 -0500 [thread overview]
Message-ID: <20080122225312.GO24697@fieldses.org> (raw)
In-Reply-To: <18315.61638.14133.308991-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
On Tue, Jan 15, 2008 at 10:31:18AM +1100, Neil Brown wrote:
> On Monday January 14, bfields@fieldses.org wrote:
> > >
> > > +static ssize_t failover_unlock_ip(struct file *file, char *buf, size_t size)
> > > +{
> > > + __be32 server_ip;
> > > + char *fo_path;
> > > + char *mesg;
> > > +
> > > + /* sanity check */
> > > + if (size <= 0)
> > > + return -EINVAL;
> >
> > Not only is size never negative, it's actually an unsigned type here, so
> > this is a no-op.
>
> No, It it equivalent to
> if (size == 0)
>
> which alternative is clearer and more maintainable is debatable.
>
> >
> > > +
> > > + if (buf[size-1] == '\n')
> > > + buf[size-1] = 0;
> >
> > The other write methods in this file actually just do
> >
> > if (buf[size-1] != '\n')
> > return -EINVAL;
>
> and those which don't check for size == 0 are underflowing an array.
> That should probably be fixed.
?
--b.
commit 6685389d610950126f700d25f3d010c7049441c3
Author: J. Bruce Fields <bfields@citi.umich.edu>
Date: Tue Jan 22 17:40:42 2008 -0500
nfsd: more careful input validation in nfsctl write methods
Neil Brown points out that we're checking buf[size-1] in a couple places
without first checking whether size is zero.
Actually, given the implementation of simple_transaction_get(), buf[-1]
is zero, so in both of these cases the subsequent check of the value of
buf[size-1] will catch this case.
But it seems fragile to depend on that, so add explicit checks for this
case.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Neil Brown <neilb@suse.de>
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 61015cf..9ed2a2b 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -304,6 +304,9 @@ static ssize_t write_filehandle(struct file *file, char *buf, size_t size)
struct auth_domain *dom;
struct knfsd_fh fh;
+ if (size == 0)
+ return -EINVAL;
+
if (buf[size-1] != '\n')
return -EINVAL;
buf[size-1] = 0;
@@ -663,7 +666,7 @@ static ssize_t write_recoverydir(struct file *file, char *buf, size_t size)
char *recdir;
int len, status;
- if (size > PATH_MAX || buf[size-1] != '\n')
+ if (size == 0 || size > PATH_MAX || buf[size-1] != '\n')
return -EINVAL;
buf[size-1] = 0;
next prev parent reply other threads:[~2008-01-22 22:53 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-07 5:39 [Cluster-devel] [PATCH 1/2] NLM failover unlock commands Wendy Cheng
2008-01-07 5:39 ` Wendy Cheng
[not found] ` <message from Wendy Cheng on Monday January 7>
2008-01-08 5:18 ` [Cluster-devel] " Neil Brown
2008-01-08 5:18 ` Neil Brown
2008-01-09 2:51 ` [Cluster-devel] " Wendy Cheng
2008-01-09 2:51 ` Wendy Cheng
2008-01-08 5:31 ` [Cluster-devel] Re: [PATCH 2/2] Fix lockd panic Neil Brown
2008-01-08 5:31 ` Neil Brown
2008-01-09 3:02 ` [Cluster-devel] " Wendy Cheng
2008-01-09 3:02 ` Wendy Cheng
2008-01-09 4:43 ` [Cluster-devel] " Wendy Cheng
2008-01-09 4:43 ` Wendy Cheng
2008-01-09 23:33 ` [Cluster-devel] " Wendy Cheng
2008-01-09 23:33 ` Wendy Cheng
2008-01-12 6:51 ` [Cluster-devel] " Wendy Cheng
2008-01-12 6:51 ` Wendy Cheng
2008-01-08 17:02 ` [Cluster-devel] Re: [PATCH 1/2] NLM failover unlock commands Christoph Hellwig
2008-01-08 17:02 ` Christoph Hellwig
2008-01-08 17:49 ` [Cluster-devel] " Christoph Hellwig
2008-01-08 17:49 ` Christoph Hellwig
2008-01-08 20:57 ` [Cluster-devel] " Wendy Cheng
2008-01-08 20:57 ` Wendy Cheng
2008-01-09 18:02 ` [Cluster-devel] " Christoph Hellwig
2008-01-09 18:02 ` Christoph Hellwig
2008-01-10 7:59 ` [Cluster-devel] " Christoph Hellwig
2008-01-10 7:59 ` Christoph Hellwig
2008-01-12 7:03 ` [Cluster-devel] " Wendy Cheng
2008-01-12 7:03 ` Wendy Cheng
2008-01-12 9:38 ` [Cluster-devel] " Christoph Hellwig
2008-01-12 9:38 ` Christoph Hellwig
2008-01-14 23:07 ` [Cluster-devel] " J. Bruce Fields
2008-01-14 23:07 ` J. Bruce Fields
[not found] ` <message from J. Bruce Fields on Monday January 14>
2008-01-14 23:31 ` [Cluster-devel] " Neil Brown
2008-01-14 23:31 ` Neil Brown
[not found] ` <18315.61638.14133.308991-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2008-01-15 16:38 ` Chuck Lever
2008-01-22 22:53 ` J. Bruce Fields [this message]
2008-01-22 22:53 ` J. Bruce Fields
[not found] ` <message from J. Bruce Fields on Tuesday January 22>
2008-01-24 4:02 ` [Cluster-devel] " Neil Brown
2008-01-24 4:02 ` Neil Brown
2008-01-15 16:14 ` [Cluster-devel] " Wendy Cheng
2008-01-15 16:14 ` Wendy Cheng
2008-01-15 16:30 ` [Cluster-devel] " J. Bruce Fields
2008-01-15 16:30 ` J. Bruce Fields
[not found] ` <message from Wendy Cheng on Saturday January 12>
2008-01-14 23:52 ` [Cluster-devel] " Neil Brown
2008-01-14 23:52 ` Neil Brown
2008-01-15 20:17 ` [Cluster-devel] " Wendy Cheng
2008-01-15 20:17 ` Wendy Cheng
[not found] ` <message from Wendy Cheng on Tuesday January 15>
2008-01-15 20:50 ` [Cluster-devel] " Neil Brown
2008-01-15 20:50 ` Neil Brown
2008-01-15 20:56 ` [Cluster-devel] " Wendy Cheng
2008-01-15 20:56 ` Wendy Cheng
2008-01-15 22:48 ` [Cluster-devel] " Wendy Cheng
2008-01-15 22:48 ` Wendy Cheng
2008-01-17 15:10 ` [Cluster-devel] " J. Bruce Fields
2008-01-17 15:10 ` J. Bruce Fields
2008-01-17 15:48 ` [Cluster-devel] " Wendy Cheng
2008-01-17 15:48 ` Wendy Cheng
2008-01-17 16:08 ` [Cluster-devel] " Wendy Cheng
2008-01-17 16:08 ` Wendy Cheng
2008-01-17 16:10 ` [Cluster-devel] " Wendy Cheng
2008-01-17 16:10 ` Wendy Cheng
2008-01-18 10:21 ` [Cluster-devel] " Frank van Maarseveen
2008-01-18 10:21 ` Frank van Maarseveen
2008-01-18 15:00 ` [Cluster-devel] " Wendy Cheng
2008-01-18 15:00 ` Wendy Cheng
2008-01-17 16:14 ` [Cluster-devel] " J. Bruce Fields
2008-01-17 16:14 ` J. Bruce Fields
2008-01-17 16:17 ` [Cluster-devel] " Wendy Cheng
2008-01-17 16:17 ` Wendy Cheng
2008-01-17 16:21 ` [Cluster-devel] " J. Bruce Fields
2008-01-17 16:21 ` J. Bruce Fields
2008-01-17 16:31 ` [Cluster-devel] " J. Bruce Fields
2008-01-17 16:31 ` J. Bruce Fields
2008-01-17 16:31 ` [Cluster-devel] " Wendy Cheng
2008-01-17 16:31 ` Wendy Cheng
2008-01-17 16:40 ` [Cluster-devel] " J. Bruce Fields
2008-01-17 16:40 ` J. Bruce Fields
2008-01-17 17:35 ` Frank Filz
2008-01-17 17:59 ` [Cluster-devel] " Wendy Cheng
2008-01-17 17:59 ` Wendy Cheng
2008-01-17 18:07 ` [Cluster-devel] " Wendy Cheng
2008-01-17 18:07 ` Wendy Cheng
2008-01-17 20:23 ` [Cluster-devel] " J. Bruce Fields
2008-01-17 20:23 ` J. Bruce Fields
2008-01-18 10:03 ` [Cluster-devel] " Frank van Maarseveen
2008-01-18 10:03 ` Frank van Maarseveen
2008-01-18 14:56 ` [Cluster-devel] " Wendy Cheng
2008-01-18 14:56 ` Wendy Cheng
2008-01-24 16:00 ` [Cluster-devel] " J. Bruce Fields
2008-01-24 16:00 ` J. Bruce Fields
2008-01-24 16:19 ` Peter Staubach
2008-01-24 16:39 ` [Cluster-devel] " J. Bruce Fields
2008-01-24 16:39 ` J. Bruce Fields
2008-01-24 19:45 ` [Cluster-devel] " Wendy Cheng
2008-01-24 19:45 ` Wendy Cheng
2008-01-24 20:19 ` [Cluster-devel] " J. Bruce Fields
2008-01-24 20:19 ` J. Bruce Fields
2008-01-24 21:06 ` [Cluster-devel] " Wendy Cheng
2008-01-24 21:06 ` Wendy Cheng
2008-01-24 21:40 ` [Cluster-devel] " J. Bruce Fields
2008-01-24 21:40 ` J. Bruce Fields
2008-01-24 21:49 ` [Cluster-devel] " Wendy Cheng
2008-01-24 21:49 ` Wendy Cheng
2008-01-28 3:46 ` [Cluster-devel] " Felix Blyakher
2008-01-28 3:46 ` Felix Blyakher
2008-01-28 15:56 ` [Cluster-devel] " Wendy Cheng
2008-01-28 15:56 ` Wendy Cheng
2008-01-28 17:06 ` [Cluster-devel] " Felix Blyakher
2008-01-28 17:06 ` Felix Blyakher
2008-01-16 4:19 ` Neil Brown
2008-01-16 4:19 ` Neil Brown
2008-01-09 3:49 ` [Cluster-devel] " Wendy Cheng
2008-01-09 3:49 ` Wendy Cheng
2008-01-09 16:13 ` [Cluster-devel] " J. Bruce Fields
2008-01-09 16:13 ` J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2008-01-07 5:53 [Cluster-devel] [PATCH 2/2] Fix lockd panic Wendy Cheng
2008-01-07 5:53 ` Wendy Cheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080122225312.GO24697@fieldses.org \
--to=bfields@fieldses.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.