| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250129125930.1273051-6-sashal@kernel.org> Date: Wed, 29 Jan 2025 07:59:26 -0500 From: Sasha Levin <sashal@...nel.org> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org Cc: Zichen Xie <zichenxie0106@...il.com>, Benjamin Coddington <bcodding@...hat.com>, Anna Schumaker <anna.schumaker@...cle.com>, Sasha Levin <sashal@...nel.org>, trondmy@...nel.org, anna@...nel.org, linux-nfs@...r.kernel.org Subject: [PATCH AUTOSEL 6.12 6/8] NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() From: Zichen Xie <zichenxie0106@...il.com> [ Upstream commit 49fd4e34751e90e6df009b70cd0659dc839e7ca8 ] name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. Signed-off-by: Zichen Xie <zichenxie0106@...il.com> Reviewed-by: Benjamin Coddington <bcodding@...hat.com> Signed-off-by: Anna Schumaker <anna.schumaker@...cle.com> Signed-off-by: Sasha Levin <sashal@...nel.org> --- fs/nfs/sysfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/nfs/sysfs.c b/fs/nfs/sysfs.c index bf378ecd5d9fd..7b59a40d40c06 100644 --- a/fs/nfs/sysfs.c +++ b/fs/nfs/sysfs.c @@ -280,9 +280,9 @@ void nfs_sysfs_link_rpc_client(struct nfs_server *server, char name[RPC_CLIENT_NAME_SIZE]; int ret; - strcpy(name, clnt->cl_program->name); - strcat(name, uniq ? uniq : ""); - strcat(name, "_client"); + strscpy(name, clnt->cl_program->name, sizeof(name)); + strncat(name, uniq ? uniq : "", sizeof(name) - strlen(name) - 1); + strncat(name, "_client", sizeof(name) - strlen(name) - 1); ret = sysfs_create_link_nowarn(&server->kobj, &clnt->cl_sysfs->kobject, name); -- 2.39.5
Powered by blists - more mailing lists