[Devel] [PATCH 1/2] Ensure nul-termination of file names read from checkpoint images
Matt Helsley
matthltc at us.ibm.com
Fri Oct 23 10:58:27 PDT 2009
Don't rely on the checkpoint image to properly terminate the filename.
Passing PATH_MAX + 1 won't work since it's a maximum -- not the number
of bytes to allocate. Allocate space for the string, copy an amount
according to the header length (limited to < PATH_MAX), and ensure that
it's nul-terminated.
Signed-off-by: Matt Helsley <matthltc at us.ibm.com>
---
checkpoint/files.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/checkpoint/files.c b/checkpoint/files.c
index f6de07e..0564666 100644
--- a/checkpoint/files.c
+++ b/checkpoint/files.c
@@ -443,6 +443,7 @@ struct file *restore_open_fname(struct ckpt_ctx *ctx, int flags)
struct ckpt_hdr *h;
struct file *file;
char *fname;
+ int len;
/* prevent bad input from doing bad things */
if (flags & (O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC))
@@ -451,10 +452,19 @@ struct file *restore_open_fname(struct ckpt_ctx *ctx, int flags)
h = ckpt_read_buf_type(ctx, PATH_MAX, CKPT_HDR_FILE_NAME);
if (IS_ERR(h))
return (struct file *) h;
- fname = (char *) (h + 1);
+ len = h->len - sizeof(*h);
+ fname = kmalloc(len + 1, GFP_KERNEL);
+ if (!fname) {
+ file = NULL;
+ goto out;
+ }
+ strncpy(fname, (char *) (h + 1), len);
+ fname[len] = '\0';
ckpt_debug("fname '%s' flags %#x\n", fname, flags);
file = filp_open(fname, flags, 0);
+ kfree(fname);
+out:
ckpt_hdr_put(ctx, h);
return file;
--
1.5.6.3
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list