author: Chuck Lever <chuck.lever@oracle.com> 2009-04-24 01:32:25 +0200
committer: J. Bruce Fields <bfields@citi.umich.edu> 2009-04-28 19:54:28 +0200
commit: 335c54bdc4d3bacdbd619ec95cd0b352435bd37f
tree: 922de1595031ab24a31ba263c1f07bf876797b05 /fs
parent: NFSD: move lockd_up() before svc_addsock()
NFSD: Prevent a buffer overflow in svc_xprt_names()
The svc_xprt_names() function can overflow its buffer if it's so near the end of the passed in buffer that the "name too long" string still doesn't fit. Of course, it could never tell if it was near the end of the passed in buffer, since its only caller passes in zero as the buffer length.

Let's make this API a little safer.

Change svc_xprt_names() so it *always* checks for a buffer overflow, and change its only caller to pass in the correct buffer length.

If svc_xprt_names() does overflow its buffer, it now fails with an ENAMETOOLONG errno, instead of trying to write a message at the end of the buffer. I don't like this much, but I can't figure out a clean way that's always safe to return some of the names, *and* an indication that the buffer was not long enough.

The displayed error when doing a 'cat /proc/fs/nfsd/portlist' is "File name too long".

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
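The all-or-nothing behaviour the commit message describes, as an added user-space example; it is not the kernel's svc_xprt_names() and not code from this commit. The `struct xprt`, `xprt_names()` and `list_into()` names, the output format and the sample transports are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-in for one listening transport (not a kernel type). */
struct xprt { const char *cls; unsigned short port; };

/*
 * Write "class port\n" for every transport into buf without ever touching
 * more than buflen bytes. All-or-nothing: returns the number of bytes
 * written, or -ENAMETOOLONG when the whole list plus its NUL does not fit.
 */
static int xprt_names(const struct xprt *x, size_t n, char *buf, int buflen)
{
    int pos = 0;

    if (buflen <= 0)
        return -ENAMETOOLONG;   /* no room even for the terminating NUL */
    buf[0] = '\0';

    for (size_t i = 0; i < n; i++) {
        int room = buflen - pos;
        /* snprintf returns the length it needed; >= room means truncated */
        int len = snprintf(buf + pos, (size_t)room, "%s %hu\n",
                           x[i].cls, x[i].port);
        if (len < 0 || len >= room) {
            buf[0] = '\0';      /* do not leave a partial list behind */
            return -ENAMETOOLONG;
        }
        pos += len;
    }
    return pos;
}

/* Constructed sample data: two entries of 9 bytes each. */
static const struct xprt sample[] = { { "tcp", 2049 }, { "udp", 2049 } };

/* Demo helper: list the sample into a 64-byte buffer, claiming `size`. */
static int list_into(int size)
{
    char buf[64];
    return xprt_names(sample, 2, buf, size);
}

int main(void)
{
    printf("64 bytes: %d\n", list_into(64));
    printf("12 bytes: %d\n", list_into(12));
    return 0;
}
```
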
Diffstat (limited to 'fs')
-rw-r--r-- fs/nfsd/nfsctl.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index e051847b93fb..6a1cd908e6bc 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -918,7 +918,7 @@ static ssize_t __write_ports_names(char *buf)
{
if (nfsd_serv == NULL)
return 0;
- return svc_xprt_names(nfsd_serv, buf, 0);
+ return svc_xprt_names(nfsd_serv, buf, SIMPLE_TRANSACTION_LIMIT);
}
/*
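Review bot: the length passed on the changed line is a constant chosen at the call site, while __write_ports_names(char *buf) itself receives no size, so the bound is only correct as long as every caller hands in a buffer of at least SIMPLE_TRANSACTION_LIMIT bytes. Consider adding a size parameter to __write_ports_names() and forwarding it, or at minimum a comment above the function stating that buf must be a SIMPLE_TRANSACTION_LIMIT-sized buffer. Since svc_xprt_names() can now return a negative errno according to the commit message, it is also worth confirming that the caller of this function passes a negative ssize_t through unchanged; that path and the svc_xprt_names() side of the change are not visible in this fs-only view.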