From: Martin Brandenburg Date: Mon, 29 Feb 2016 21:07:35 +0000 (-0500) Subject: orangefs: Avoid symlink upcall if target is too long. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c62da5853de5564e367932185500f96ab70a6f7c;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git orangefs: Avoid symlink upcall if target is too long. Previously the client-core detected this condition by sheer luck! Since we used strncpy, no NUL byte would be included on the name. The client-core would call strlen, which would read past the end of its buffer, but return a number large enough that the client-core would return ENAMETOOLONG. Signed-off-by: Martin Brandenburg Signed-off-by: Mike Marshall --- diff --git a/fs/orangefs/namei.c b/fs/orangefs/namei.c index 650ff299738b..5a60c508af4e 100644 --- a/fs/orangefs/namei.c +++ b/fs/orangefs/namei.c @@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir, if (!symname) return -EINVAL; + if (strlen(symname)+1 > ORANGEFS_NAME_MAX) + return -ENAMETOOLONG; + new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK); if (!new_op) return -ENOMEM;