[Devel] Re: [patch] cgroups: save space for the terminator

Serge E. Hallyn serge at hallyn.com
Sun Jul 11 17:10:22 PDT 2010


Quoting Dan Carpenter (error27 at gmail.com):
> The original code didn't leave enough space for a NULL terminator.
> These strings are copied with strcpy() into fixed length buffers in
> cgroup_root_from_opts().
>  
> Signed-off-by: Dan Carpenter <error27 at gmail.com>

Hmm, yes - the fact that kstrndup() allocs len+1 probably threw off
the author of these original lines.  Thanks for spotting this!

Acked-by: Serge E. Hallyn <serge at hallyn.com>


> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> index 3ac6f5b..a942820 100644
> --- a/kernel/cgroup.c
> +++ b/kernel/cgroup.c
> @@ -1102,7 +1102,7 @@ static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
>  			if (opts->release_agent)
>  				return -EINVAL;
>  			opts->release_agent =
> -				kstrndup(token + 14, PATH_MAX, GFP_KERNEL);
> +				kstrndup(token + 14, PATH_MAX - 1, GFP_KERNEL);
>  			if (!opts->release_agent)
>  				return -ENOMEM;
>  		} else if (!strncmp(token, "name=", 5)) {
> @@ -1123,7 +1123,7 @@ static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
>  			if (opts->name)
>  				return -EINVAL;
>  			opts->name = kstrndup(name,
> -					      MAX_CGROUP_ROOT_NAMELEN,
> +					      MAX_CGROUP_ROOT_NAMELEN - 1,
>  					      GFP_KERNEL);
>  			if (!opts->name)
>  				return -ENOMEM;
> _______________________________________________
> Containers mailing list
> Containers at lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/containers
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list