[prev in list] [next in list] [prev in thread] [next in thread] 

List:       btrfs-devel
Subject:    [btrfs-devel][patch]use strnlen to deal with string from user space
From:       yanzheng () 21cn ! com (Yan Zheng)
Date:       2007-09-20 7:46:14
Message-ID: 3d0408630709200746k13d3e343t395d908962b1bfc2 () mail ! gmail ! com
[Download RAW message or body]

Hello

I think strlen is unsafe here

Regards
YZ

diff -r 24c661119092 inode.c
--- a/inode.c	Mon Sep 17 11:25:58 2007 -0400
+++ b/inode.c	Thu Sep 20 22:25:34 2007 +0800
@@ -1985,7 +1988,7 @@ static int btrfs_ioctl_snap_create(struc
 	if (copy_from_user(&vol_args, arg, sizeof(vol_args)))
 		return -EFAULT;
 	
-	namelen = strlen(vol_args.name);
+	namelen = strnlen(vol_args.name, BTRFS_VOL_NAME_MAX + 1);
 	if (namelen > BTRFS_VOL_NAME_MAX)
 		return -EINVAL;
 	if (strchr(vol_args.name, '/'))

[prev in list] [next in list] [prev in thread] [next in thread]