| Message ID | 20240624023118.2268917-1-make24@iscas.ac.cn (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | SUNRPC: check mlen in ip_map_parse() | expand |
On Mon, 24 Jun 2024, Ma Ke wrote: > We should check the parameter mlen before using 'mlen - 1' > expression for the 'mesg' array index. There is no need. This function is only called from cache_do_downcall() and that function already checks for zero. That function is only called from cache_downcall() which checks the size_t count is not >= 32768 so the fact that it is cast to an int for the ->cache_parse function cannot cause and overflow. I wouldn't object to ->cache_parse() and qword_get() and maybe others having their len parameter changed from int to size_t. But adding this extra test on mlen add no value. Thanks, NeilBrown > > Signed-off-by: Ma Ke <make24@iscas.ac.cn> > --- > net/sunrpc/svcauth_unix.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c > index 04b45588ae6f..816bf56597dd 100644 > --- a/net/sunrpc/svcauth_unix.c > +++ b/net/sunrpc/svcauth_unix.c > @@ -196,7 +196,7 @@ static int ip_map_parse(struct cache_detail *cd, > struct auth_domain *dom; > time64_t expiry; > > - if (mesg[mlen-1] != '\n') > + if (mlen && mesg[mlen - 1] != '\n') > return -EINVAL; > mesg[mlen-1] = 0; > > -- > 2.25.1 > >
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c index 04b45588ae6f..816bf56597dd 100644 --- a/net/sunrpc/svcauth_unix.c +++ b/net/sunrpc/svcauth_unix.c @@ -196,7 +196,7 @@ static int ip_map_parse(struct cache_detail *cd, struct auth_domain *dom; time64_t expiry; - if (mesg[mlen-1] != '\n') + if (mlen && mesg[mlen - 1] != '\n') return -EINVAL; mesg[mlen-1] = 0;
We should check the parameter mlen before using 'mlen - 1' expression for the 'mesg' array index. Signed-off-by: Ma Ke <make24@iscas.ac.cn> --- net/sunrpc/svcauth_unix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)