[1/4] nfs-utils: nfsdctl: fix update_listeners

Message ID	20250205154333.58646-2-okorniev@redhat.com (mailing list archive)
State	New
Headers	show Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7934415FA7B for <linux-nfs@vger.kernel.org>; Wed, 5 Feb 2025 15:43:42 +0000 (UTC) From: Olga Kornievskaia <okorniev@redhat.com> To: steved@redhat.com Cc: linux-nfs@vger.kernel.org, Olga Kornievskaia <okorniev@redhat.com> Subject: [PATCH 1/4] nfs-utils: nfsdctl: fix update_listeners Date: Wed, 5 Feb 2025 10:43:30 -0500 Message-Id: <20250205154333.58646-2-okorniev@redhat.com> In-Reply-To: <20250205154333.58646-1-okorniev@redhat.com> References: <20250205154333.58646-1-okorniev@redhat.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	nfs-utils: nfsdctl fixups \| expand [0/4] nfs-utils: nfsdctl fixups [1/4] nfs-utils: nfsdctl: fix update_listeners [2/4] nfs-utils: nfsdctl: fix autostart [3/4] nfs-utils: nfsdctl: cleanup listeners if some failed [4/4] nfs-utils: nfsdctl: fix host-limited add listener

Message ID

20250205154333.58646-2-okorniev@redhat.com (mailing list archive)

State

New

Headers

From: Olga Kornievskaia <okorniev@redhat.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org,
	Olga Kornievskaia <okorniev@redhat.com>
Subject: [PATCH 1/4] nfs-utils: nfsdctl: fix update_listeners
Date: Wed,  5 Feb 2025 10:43:30 -0500
Message-Id: <20250205154333.58646-2-okorniev@redhat.com>
In-Reply-To: <20250205154333.58646-1-okorniev@redhat.com>
References: <20250205154333.58646-1-okorniev@redhat.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

nfs-utils: nfsdctl fixups | expand

Commit Message

Olga Kornievskaia Feb. 5, 2025, 3:43 p.m. UTC

When adding a listener via an nfsdctl listener command and
passing in a hostname that is longer then 62bytes it leads
to a buffer overlow problem.

Instead allocate the needed buffer to be the size of the
supplied command-line argument.

Fixes: 8c32613d5311 ("nfsdctl: add the nfsdctl utility to nfs-utils")
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
---
 utils/nfsdctl/nfsdctl.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/utils/nfsdctl/nfsdctl.c b/utils/nfsdctl/nfsdctl.c
index 0e93beda..0530dfdd 100644
--- a/utils/nfsdctl/nfsdctl.c
+++ b/utils/nfsdctl/nfsdctl.c
@@ -938,8 +938,6 @@  static void print_listeners(void)
 	}
 }
 
-#define BUFLEN (INET6_ADDRSTRLEN + 16)
-
 /*
  * Format is <+/-><netid>:<address>:port
  *
@@ -950,7 +948,7 @@  static void print_listeners(void)
  */
 static int update_listeners(const char *str)
 {
-	char buf[INET6_ADDRSTRLEN + 16];
+	char *buf;
 	char sign = *str;
 	char *netid, *addr, *port, *end;
 	struct addrinfo *res;
@@ -963,6 +961,9 @@  static int update_listeners(const char *str)
 	if (sign != '+' && sign != '-')
 		goto out_inval;
 
+	buf = malloc(strlen(str) + 1);
+	if (!buf)
+		goto out_inval;
 	strcpy(buf, str + 1);
 
 	/* netid is start */
@@ -971,18 +972,18 @@  static int update_listeners(const char *str)
 	/* find first ':' */
 	addr = strchr(buf, ':');
 	if (!addr)
-		goto out_inval;
+		goto out_inval_free;
 
 	if (addr == buf) {
 		/* empty netid */
-		goto out_inval;
+		goto out_inval_free;
 	}
 	*addr = '\0';
 	++addr;
 
 	port = strrchr(addr, ':');
 	if (!port)
-		goto out_inval;
+		goto out_inval_free;
 	if (port == addr) {
 		/* empty address, give gai a NULL ptr */
 		addr = NULL;
@@ -992,7 +993,7 @@  static int update_listeners(const char *str)
 
 	if (*port == '\0') {
 		/* empty port */
-		goto out_inval;
+		goto out_inval_free;
 	}
 
 	/* IPv6 addrs must be in square brackets */
@@ -1001,7 +1002,7 @@  static int update_listeners(const char *str)
 		++addr;
 		end = strchr(addr, ']');
 		if (!end)
-			goto out_inval;
+			goto out_inval_free;
 		if (end == addr)
 			addr = NULL;
 		*end = '\0';
@@ -1070,7 +1071,10 @@  static int update_listeners(const char *str)
 			++nfsd_socket_count;
 		}
 	}
+	free(buf);
 	return 0;
+out_inval_free:
+	free(buf);
 out_inval:
 	fprintf(stderr, "Invalid listener update string: %s", str);
 	return -EINVAL;

[1/4] nfs-utils: nfsdctl: fix update_listeners

Commit Message

Patch