X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 10265349
Date: Wed, 7 Mar 2018 12:54:44 -0800
From: Kees Cook
To: Greg Kroah-Hartman
Cc: linux-kernel@vger.kernel.org, Rasmus Villemoes, "Tobin C. Harding", Tycho Andersen, Oleg Drokin, Andreas Dilger, James Simmons, Dmitry Eremin, Gargi Sharma, Lustre Development List, devel@driverdev.osuosl.org, Kernel Hardening
Subject: [PATCH v2] staging: lustre: Remove VLA usage
Message-ID: <20180307205444.GA11349@beast>

The kernel would like to have all stack VLA usage removed[1]. This switches to a simple kasprintf() instead, and in the process fixes an off-by-one between the allocation and the sprintf (allocation did not include NULL byte in calculation).

[1] https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Kees Cook
Reviewed-by: Rasmus Villemoes
Reviewed-by: Andreas Dilger
--- drivers/staging/lustre/lustre/llite/xattr.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 532384c91447..ff6fe81a4ddb 100644 
--- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -87,10 +87,10 @@ ll_xattr_set_common(const struct xattr_handler *handler, const char *name, const void *value, size_t size, int flags) { - char fullname[strlen(handler->prefix) + strlen(name) + 1]; struct ll_sb_info *sbi = ll_i2sbi(inode); struct ptlrpc_request *req = NULL; const char *pv = value; + char *fullname; __u64 valid; int rc; @@ -141,10 +141,13 @@ ll_xattr_set_common(const struct xattr_handler *handler, return -EPERM; } - sprintf(fullname, "%s%s\n", handler->prefix, name); + fullname = kasprintf(GFP_KERNEL, "%s%s\n", handler->prefix, name); + if (!fullname) + return -ENOMEM; rc = md_setxattr(sbi->ll_md_exp, ll_inode2fid(inode), valid, fullname, pv, size, 0, flags, ll_i2suppgid(inode), &req); + kfree(fullname); if (rc) { if (rc == -EOPNOTSUPP && handler->flags == XATTR_USER_T) { LCONSOLE_INFO("Disabling user_xattr feature because it is not supported on the server\n"); @@ -364,11 +367,11 @@ static int ll_xattr_get_common(const struct xattr_handler *handler, struct dentry *dentry, struct inode *inode, const char *name, void *buffer, size_t size) { - char fullname[strlen(handler->prefix) + strlen(name) + 1]; struct ll_sb_info *sbi = ll_i2sbi(inode); #ifdef CONFIG_FS_POSIX_ACL struct ll_inode_info *lli = ll_i2info(inode); #endif + char *fullname; int rc; CDEBUG(D_VFSTRACE, "VFS Op:inode=" DFID "(%p)\n", 
@@ -411,9 +414,13 @@ static int ll_xattr_get_common(const struct xattr_handler *handler, if (handler->flags == XATTR_ACL_DEFAULT_T && !S_ISDIR(inode->i_mode)) return -ENODATA; #endif - sprintf(fullname, "%s%s\n", handler->prefix, name); - return ll_xattr_list(inode, fullname, handler->flags, buffer, size, - OBD_MD_FLXATTR); + fullname = kasprintf(GFP_KERNEL, "%s%s\n", handler->prefix, name); + if (!fullname) + return -ENOMEM; + rc = ll_xattr_list(inode, fullname, handler->flags, buffer, size, + OBD_MD_FLXATTR); + kfree(fullname); + return rc; } static ssize_t ll_getxattr_lov(struct inode *inode, void *buf, size_t buf_size)
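Review bot: in the first hunk of ll_xattr_set_common(), the removed declaration sizes fullname as strlen(handler->prefix) + strlen(name) + 1, so the terminator was counted; the byte the old code did not account for is the "\n" in the "%s%s\n" format. The changelog's "allocation did not include NULL byte" would be more accurate as "did not include the newline", which also tells later readers where the one-byte overrun actually came from.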
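Review bot: the kasprintf() call in the second hunk of ll_xattr_set_common() keeps the trailing "\n" from the old sprintf(), so the name handed to md_setxattr() is prefix plus name plus a newline. kasprintf() sizes the buffer from the format, so this no longer overruns, but please confirm the newline is wanted in the xattr name; if it is not, drop it from the format (here or in a follow-up) and say so in the changelog. For the lines shown, allocating after the return -EPERM and calling kfree(fullname) straight after md_setxattr() looks right, since fullname is not used in the rc handling that follows.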
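Review bot: the last hunk repeats the kasprintf(GFP_KERNEL, "%s%s\n", ...) / NULL check / kfree() sequence in ll_xattr_get_common(), trailing newline included, this time for the name passed to ll_xattr_list(). A small helper that builds the full name would keep the set and get paths in sync if the format changes. It is also worth one line in the changelog that both handlers can now return -ENOMEM, which the on-stack version could not.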