diff options
| author |   David Sterba <dsterba@suse.com> | 2024-02-14 10:32:47 +0100 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2024-03-04 16:24:52 +0100 |
| commit | 5ab2b180884c2b8e6fc923cd2a0aa5c744f45eec (patch) | |
| tree | ba59cd72e37b401349334e4b0859e574752025e1 /fs/btrfs/super.c | |
| parent | btrfs: remove no longer used btrfs_transaction_in_commit() (diff) | |
| download | wireguard-linux-5ab2b180884c2b8e6fc923cd2a0aa5c744f45eec.tar.xz wireguard-linux-5ab2b180884c2b8e6fc923cd2a0aa5c744f45eec.zip | |
btrfs: factor out validation of btrfs_ioctl_vol_args::name
The validation of vol args name in several ioctls is not done properly.
a terminating NUL is written to the end of the buffer unconditionally,
assuming that this would be the last place in case the buffer is used
completely. This does not communicate back the actual error (either an
invalid or too long path).
Factor out all such cases and use a helper to do the verification,
simply look for NUL in the buffer. There's no expected practical change,
the size of buffer is 4088, this is enough for most paths or names.
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to '')
| -rw-r--r-- | fs/btrfs/super.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 40ae264fd3ed..7e44ccaf348f 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2201,7 +2201,9 @@ static long btrfs_control_ioctl(struct file *file, unsigned int cmd, vol = memdup_user((void __user *)arg, sizeof(*vol)); if (IS_ERR(vol)) return PTR_ERR(vol); - vol->name[BTRFS_PATH_NAME_MAX] = '\0'; + ret = btrfs_check_ioctl_vol_args_path(vol); + if (ret < 0) + goto out; switch (cmd) { case BTRFS_IOC_SCAN_DEV: @@ -2243,6 +2245,7 @@ static long btrfs_control_ioctl(struct file *file, unsigned int cmd, break; } +out: kfree(vol); return ret; } |