From: Martin Brandenburg <martin@omnibond.com>
Date: Mon, 29 Feb 2016 21:07:35 +0000 (-0500)
Subject: orangefs: Avoid symlink upcall if target is too long.
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=c62da5853de5564e367932185500f96ab70a6f7c;p=linux-beck.git

orangefs: Avoid symlink upcall if target is too long.

Previously the client-core detected this condition by sheer luck!

Since we used strncpy, no NUL byte would be included on the name. The
client-core would call strlen, which would read past the end of its
buffer, but return a number large enough that the client-core would
return ENAMETOOLONG.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
---

diff --git a/fs/orangefs/namei.c b/fs/orangefs/namei.c
index 650ff299738b..5a60c508af4e 100644
--- a/fs/orangefs/namei.c
+++ b/fs/orangefs/namei.c
@@ -269,6 +269,9 @@ static int orangefs_symlink(struct inode *dir,
 	if (!symname)
 		return -EINVAL;
 
+	if (strlen(symname)+1 > ORANGEFS_NAME_MAX)
+		return -ENAMETOOLONG;
+
 	new_op = op_alloc(ORANGEFS_VFS_OP_SYMLINK);
 	if (!new_op)
 		return -ENOMEM;