| Message ID | 20241207193511.104802-1-idryomov@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | ceph: validate snapdirname option length when mounting | expand |
On Sat, 2024-12-07 at 20:35 +0100, Ilya Dryomov wrote: > It becomes a path component, so it shouldn't exceed NAME_MAX > characters. This was hardened in commit c152737be22b ("ceph: Use > strscpy() instead of strcpy() in __get_snap_name()"), but no actual > check was put in place. > > Cc: stable@vger.kernel.org > Signed-off-by: Ilya Dryomov <idryomov@gmail.com> > --- > fs/ceph/super.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/ceph/super.c b/fs/ceph/super.c > index cfe21f320f4a..f86fc5fb858a 100644 > --- a/fs/ceph/super.c > +++ b/fs/ceph/super.c > @@ -431,6 +431,8 @@ static int ceph_parse_mount_param(struct > fs_context *fc, > > switch (token) { > case Opt_snapdirname: > + if (strlen(param->string) > NAME_MAX) > + return invalfc(fc, "snapdirname too long"); This check makes sense to me. :) Looks really good! Thanks, Slava. > kfree(fsopt->snapdir_name); > fsopt->snapdir_name = param->string; > param->string = NULL;
diff --git a/fs/ceph/super.c b/fs/ceph/super.c index cfe21f320f4a..f86fc5fb858a 100644 --- a/fs/ceph/super.c +++ b/fs/ceph/super.c @@ -431,6 +431,8 @@ static int ceph_parse_mount_param(struct fs_context *fc, switch (token) { case Opt_snapdirname: + if (strlen(param->string) > NAME_MAX) + return invalfc(fc, "snapdirname too long"); kfree(fsopt->snapdir_name); fsopt->snapdir_name = param->string; param->string = NULL;
It becomes a path component, so it shouldn't exceed NAME_MAX characters. This was hardened in commit c152737be22b ("ceph: Use strscpy() instead of strcpy() in __get_snap_name()"), but no actual check was put in place. Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov <idryomov@gmail.com> --- fs/ceph/super.c | 2 ++ 1 file changed, 2 insertions(+)