diff mbox series

libnsm: safer atomic filenames

Message ID 95b7c243dae00ef4fd745f2b6d2cd0c979779237.1731514115.git.bcodding@redhat.com (mailing list archive)
State New
Headers show
Series libnsm: safer atomic filenames | expand

Commit Message

Benjamin Coddington Nov. 13, 2024, 4:11 p.m. UTC
We've gotten a report of reboot notifications being sent to domains that
end in '.new', which can happen if the NSM temporary pathname code leaves a
file behind.  Let's fix this up by prepending a single '.' to the temp path
which will never be resolvable as a DNS record.

https://lore.kernel.org/linux-nfs/04D30B5A-C53E-4920-ADCB-C77F5577669E@oracle.com/T/#t

Reported-by: Philip Rowlands <linux-nfs@dimebar.com>
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 support/nsm/file.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)


base-commit: 38b46cb1f28737069d7887b5ccf7001ba4a4ff59

Comments

Chuck Lever Nov. 13, 2024, 4:12 p.m. UTC | #1
On Wed, Nov 13, 2024 at 11:11:11AM -0500, Benjamin Coddington wrote:
> We've gotten a report of reboot notifications being sent to domains that
> end in '.new', which can happen if the NSM temporary pathname code leaves a
> file behind.  Let's fix this up by prepending a single '.' to the temp path
> which will never be resolvable as a DNS record.
> 
> https://lore.kernel.org/linux-nfs/04D30B5A-C53E-4920-ADCB-C77F5577669E@oracle.com/T/#t
> 
> Reported-by: Philip Rowlands <linux-nfs@dimebar.com>
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
> ---
>  support/nsm/file.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/support/nsm/file.c b/support/nsm/file.c
> index f5b448015751..e0804136ccbe 100644
> --- a/support/nsm/file.c
> +++ b/support/nsm/file.c
> @@ -184,10 +184,10 @@ static char *
>  nsm_make_temp_pathname(const char *pathname)
>  {
>  	size_t size;
> -	char *path;
> +	char *path, *base;
>  	int len;
>  
> -	size = strlen(pathname) + sizeof(".new") + 2;
> +	size = strlen(pathname) + sizeof(".new") + 3;
>  	if (size > PATH_MAX)
>  		return NULL;
>  
> @@ -195,7 +195,11 @@ nsm_make_temp_pathname(const char *pathname)
>  	if (path == NULL)
>  		return NULL;
>  
> -	len = snprintf(path, size, "%s.new", pathname);
> +	base = strrchr(pathname, '/');
> +	strcpy(path, pathname);
> +
> +	len = base - pathname;
> +	len += snprintf(path + len + 1, size-len, ".%s.new", base+1);
>  	if (error_check(len, size)) {
>  		free(path);
>  		return NULL;
> 
> base-commit: 38b46cb1f28737069d7887b5ccf7001ba4a4ff59
> -- 
> 2.47.0
> 

Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Steve Dickson Nov. 20, 2024, 8:52 p.m. UTC | #2
On 11/13/24 11:11 AM, Benjamin Coddington wrote:
> We've gotten a report of reboot notifications being sent to domains that
> end in '.new', which can happen if the NSM temporary pathname code leaves a
> file behind.  Let's fix this up by prepending a single '.' to the temp path
> which will never be resolvable as a DNS record.
> 
> https://lore.kernel.org/linux-nfs/04D30B5A-C53E-4920-ADCB-C77F5577669E@oracle.com/T/#t
> 
> Reported-by: Philip Rowlands <linux-nfs@dimebar.com>
> Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Committed... (tag: nfs-utils-2-8-2-rc2)

steved.
> ---
>   support/nsm/file.c | 10 +++++++---
>   1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/support/nsm/file.c b/support/nsm/file.c
> index f5b448015751..e0804136ccbe 100644
> --- a/support/nsm/file.c
> +++ b/support/nsm/file.c
> @@ -184,10 +184,10 @@ static char *
>   nsm_make_temp_pathname(const char *pathname)
>   {
>   	size_t size;
> -	char *path;
> +	char *path, *base;
>   	int len;
>   
> -	size = strlen(pathname) + sizeof(".new") + 2;
> +	size = strlen(pathname) + sizeof(".new") + 3;
>   	if (size > PATH_MAX)
>   		return NULL;
>   
> @@ -195,7 +195,11 @@ nsm_make_temp_pathname(const char *pathname)
>   	if (path == NULL)
>   		return NULL;
>   
> -	len = snprintf(path, size, "%s.new", pathname);
> +	base = strrchr(pathname, '/');
> +	strcpy(path, pathname);
> +
> +	len = base - pathname;
> +	len += snprintf(path + len + 1, size-len, ".%s.new", base+1);
>   	if (error_check(len, size)) {
>   		free(path);
>   		return NULL;
> 
> base-commit: 38b46cb1f28737069d7887b5ccf7001ba4a4ff59
diff mbox series

Patch

diff --git a/support/nsm/file.c b/support/nsm/file.c
index f5b448015751..e0804136ccbe 100644
--- a/support/nsm/file.c
+++ b/support/nsm/file.c
@@ -184,10 +184,10 @@  static char *
 nsm_make_temp_pathname(const char *pathname)
 {
 	size_t size;
-	char *path;
+	char *path, *base;
 	int len;
 
-	size = strlen(pathname) + sizeof(".new") + 2;
+	size = strlen(pathname) + sizeof(".new") + 3;
 	if (size > PATH_MAX)
 		return NULL;
 
@@ -195,7 +195,11 @@  nsm_make_temp_pathname(const char *pathname)
 	if (path == NULL)
 		return NULL;
 
-	len = snprintf(path, size, "%s.new", pathname);
+	base = strrchr(pathname, '/');
+	strcpy(path, pathname);
+
+	len = base - pathname;
+	len += snprintf(path + len + 1, size-len, ".%s.new", base+1);
 	if (error_check(len, size)) {
 		free(path);
 		return NULL;