[Devel] fuse: fix junk at in kio name
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Tue Aug 31 17:19:06 MSK 2021
On 31.08.2021 16:58, Alexey Kuznetsov wrote:
> Hello!
>
> On Tue, Aug 31, 2021 at 9:37 PM Pavel Tikhomirov
> <ptikhomirov at virtuozzo.com> wrote:
>> Please take a look at the OPT_SUBTYPE and OPT_SOURCE options, do we actually
>> need strncpy here?
>
> Formally, check if (param->size > FUSE_KIO_NAME) must be enough.
>
> But better be safe than sorry. In this particular context we have no idea
> that param->size is correlated to actual string length. You may believe
> the caller, I would not.
>
>
>> vfs_parse_fs_string with its kmemdup_nul already
>> puts null-terminated string in param.string, similarly null-terminated
>> string is provided by sys_fsconfig with strndup_user(_value, 256);
>
> Wrong! If you copy OPT_SUBTYPE or OPT_SOURCE
> to a buffer you use strncpy limited to sizeof of your local buffer
> no matter what is written on that fence :-)

Sure, you are right, if we have

    char kio_name[FUSE_KIO_NAME + 1];

and when we copy something to it we should limit strncpy with
FUSE_KIO_NAME size to be on the safe side.

So I just wanted to highlight that mainstream code relies on
param->string being a pointer to a null-terminated string and it can be
"stolen" like they do for OPT_SUBTYPE. So that we can do it too
(replacing kio_name buf with pointer and stuff...). But I don't insist.

Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
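
Added example, not part of the original messages or of the kernel source: a userspace sketch of the copy discussed in this thread, with the size check, a strncpy bounded by the destination buffer and an explicit terminator. The demo_* names and the value 32 for FUSE_KIO_NAME are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define FUSE_KIO_NAME 32 /* constructed value; the thread does not state it */

/* Hypothetical stand-ins for the fs parameter and the mount context. */
struct demo_param {
    const char *string; /* NUL-terminated, if the caller is honest */
    size_t size;        /* length the caller claims */
};

struct demo_ctx {
    char kio_name[FUSE_KIO_NAME + 1];
};

/* Returns 0 on success, -1 when the claimed size does not fit. */
int demo_set_kio_name(struct demo_ctx *ctx, const struct demo_param *p)
{
    if (p->size > FUSE_KIO_NAME)
        return -1;
    /* Bound the copy by the destination, not by p->size. strncpy also
     * zero-fills the remainder, so stale bytes in kio_name are cleared. */
    strncpy(ctx->kio_name, p->string, FUSE_KIO_NAME);
    /* strncpy writes no terminator when the source has FUSE_KIO_NAME
     * bytes or more, so the extra last byte is set explicitly. */
    ctx->kio_name[FUSE_KIO_NAME] = '\0';
    return 0;
}

/* Copies into a junk-filled context. Returns the stored length, -1 if the
 * name was rejected, -2 if any byte after the string is not zero. */
int demo_copy_len(const char *s, size_t claimed)
{
    struct demo_ctx ctx;
    struct demo_param p = { s, claimed };
    size_t i;

    memset(&ctx, 0xAA, sizeof(ctx)); /* simulate stale junk in the buffer */
    if (demo_set_kio_name(&ctx, &p) != 0)
        return -1;
    for (i = strlen(ctx.kio_name); i <= FUSE_KIO_NAME; i++)
        if (ctx.kio_name[i] != '\0')
            return -2;
    return (int)strlen(ctx.kio_name);
}
```

With a caller that under-reports the size, the size check passes but the copy still stops at FUSE_KIO_NAME bytes, which is the case the bounded strncpy covers.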