From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Zichen Xie <zichenxie0106@gmail.com>,
Benjamin Coddington <bcodding@redhat.com>,
Anna Schumaker <anna.schumaker@oracle.com>,
Sasha Levin <sashal@kernel.org>,
trondmy@kernel.org, anna@kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH AUTOSEL 6.13 6/8] NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
Date: Wed, 29 Jan 2025 07:58:59 -0500 [thread overview]
Message-ID: <20250129125904.1272926-6-sashal@kernel.org> (raw)
In-Reply-To: <20250129125904.1272926-1-sashal@kernel.org>
From: Zichen Xie <zichenxie0106@gmail.com>
[ Upstream commit 49fd4e34751e90e6df009b70cd0659dc839e7ca8 ]
name is char[64] where the size of clnt->cl_program->name remains
unknown. Invoking strcat() directly will also lead to potential buffer
overflow. Change them to strscpy() and strncat() to fix potential
issues.
Signed-off-by: Zichen Xie <zichenxie0106@gmail.com>
Reviewed-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/sysfs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c
index bf378ecd5d9fd..7b59a40d40c06 100644
--- a/fs/nfs/sysfs.c
+++ b/fs/nfs/sysfs.c
@@ -280,9 +280,9 @@ void nfs_sysfs_link_rpc_client(struct nfs_server *server,
char name[RPC_CLIENT_NAME_SIZE];
int ret;
- strcpy(name, clnt->cl_program->name);
- strcat(name, uniq ? uniq : "");
- strcat(name, "_client");
+ strscpy(name, clnt->cl_program->name, sizeof(name));
+ strncat(name, uniq ? uniq : "", sizeof(name) - strlen(name) - 1);
+ strncat(name, "_client", sizeof(name) - strlen(name) - 1);
ret = sysfs_create_link_nowarn(&server->kobj,
&clnt->cl_sysfs->kobject, name);
--
2.39.5
next prev parent reply other threads:[~2025-01-29 14:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-29 12:58 [PATCH AUTOSEL 6.13 1/8] serial: 8250_pci: Resolve WCH vendor ID ambiguity Sasha Levin
2025-01-29 12:58 ` [PATCH AUTOSEL 6.13 2/8] serial: 8250_pci: Share WCH IDs with parport_serial driver Sasha Levin
2025-01-29 12:58 ` [PATCH AUTOSEL 6.13 3/8] 8250: microchip: pci1xxxx: Add workaround for RTS bit toggle Sasha Levin
2025-01-29 12:58 ` [PATCH AUTOSEL 6.13 4/8] kunit: platform: Resolve 'struct completion' warning Sasha Levin
2025-01-29 12:58 ` [PATCH AUTOSEL 6.13 5/8] vfio/pci: Enable iowrite64 and ioread64 for vfio pci Sasha Levin
2025-01-29 12:58 ` Sasha Levin [this message]
2025-01-29 12:59 ` [PATCH AUTOSEL 6.13 7/8] vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem Sasha Levin
2025-01-29 12:59 ` [PATCH AUTOSEL 6.13 8/8] vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250129125904.1272926-6-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=anna.schumaker@oracle.com \
--cc=anna@kernel.org \
--cc=bcodding@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=trondmy@kernel.org \
--cc=zichenxie0106@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox