From: Jeff Layton <jlayton@kernel.org>
To: Olga Kornievskaia <okorniev@redhat.com>, steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 1/1] nfs-utils: nfsdctl: fix update_listeners
Date: Tue, 04 Feb 2025 15:19:53 -0500 [thread overview]
Message-ID: <bfa34bfcd4ac802d59cb3323ea123d27f94e0cc8.camel@kernel.org> (raw)
In-Reply-To: <20250204164450.53127-1-okorniev@redhat.com>
On Tue, 2025-02-04 at 11:44 -0500, Olga Kornievskaia wrote:
> When adding a listener via an nfsdctl listener command and
> passing in a hostname that is longer then 62bytes it leads
> to a buffer overlow problem.
>
> Instead allocate the needed buffer to be the size of the
> supplied command-line argument.
>
> Fixes: 8c32613d5311 ("nfsdctl: add the nfsdctl utility to nfs-utils")
> Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
> ---
> utils/nfsdctl/nfsdctl.c | 20 ++++++++++++--------
> 1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/utils/nfsdctl/nfsdctl.c b/utils/nfsdctl/nfsdctl.c
> index 0e93beda..0530dfdd 100644
> --- a/utils/nfsdctl/nfsdctl.c
> +++ b/utils/nfsdctl/nfsdctl.c
> @@ -938,8 +938,6 @@ static void print_listeners(void)
> }
> }
>
> -#define BUFLEN (INET6_ADDRSTRLEN + 16)
> -
> /*
> * Format is <+/-><netid>:<address>:port
> *
> @@ -950,7 +948,7 @@ static void print_listeners(void)
> */
> static int update_listeners(const char *str)
> {
> - char buf[INET6_ADDRSTRLEN + 16];
> + char *buf;
> char sign = *str;
> char *netid, *addr, *port, *end;
> struct addrinfo *res;
> @@ -963,6 +961,9 @@ static int update_listeners(const char *str)
> if (sign != '+' && sign != '-')
> goto out_inval;
>
> + buf = malloc(strlen(str) + 1);
> + if (!buf)
> + goto out_inval;
> strcpy(buf, str + 1);
>
> /* netid is start */
> @@ -971,18 +972,18 @@ static int update_listeners(const char *str)
> /* find first ':' */
> addr = strchr(buf, ':');
> if (!addr)
> - goto out_inval;
> + goto out_inval_free;
>
> if (addr == buf) {
> /* empty netid */
> - goto out_inval;
> + goto out_inval_free;
> }
> *addr = '\0';
> ++addr;
>
> port = strrchr(addr, ':');
> if (!port)
> - goto out_inval;
> + goto out_inval_free;
> if (port == addr) {
> /* empty address, give gai a NULL ptr */
> addr = NULL;
> @@ -992,7 +993,7 @@ static int update_listeners(const char *str)
>
> if (*port == '\0') {
> /* empty port */
> - goto out_inval;
> + goto out_inval_free;
> }
>
> /* IPv6 addrs must be in square brackets */
> @@ -1001,7 +1002,7 @@ static int update_listeners(const char *str)
> ++addr;
> end = strchr(addr, ']');
> if (!end)
> - goto out_inval;
> + goto out_inval_free;
> if (end == addr)
> addr = NULL;
> *end = '\0';
> @@ -1070,7 +1071,10 @@ static int update_listeners(const char *str)
> ++nfsd_socket_count;
> }
> }
> + free(buf);
> return 0;
> +out_inval_free:
> + free(buf);
> out_inval:
> fprintf(stderr, "Invalid listener update string: %s", str);
> return -EINVAL;
Reviewed-by: Jeff Layton <jlayton@kernel.org>
prev parent reply other threads:[~2025-02-04 20:19 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-04 16:44 [PATCH 1/1] nfs-utils: nfsdctl: fix update_listeners Olga Kornievskaia
2025-02-04 20:19 ` Jeff Layton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bfa34bfcd4ac802d59cb3323ea123d27f94e0cc8.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=okorniev@redhat.com \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox