From patchwork Thu Feb  3 22:13:18 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Rob Landley <rlandley@parallels.com>
X-Patchwork-Id: 530741
X-Patchwork-Delegate: Trond.Myklebust@netapp.com
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter1.kernel.org (8.14.4/8.14.3) with ESMTP id p13MCFdX029405
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Thu, 3 Feb 2011 22:13:23 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752471Ab1BCWNV (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Thu, 3 Feb 2011 17:13:21 -0500
Received: from mx2.parallels.com ([64.131.90.16]:57423 "EHLO
	mx2.parallels.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751897Ab1BCWNV (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
	Thu, 3 Feb 2011 17:13:21 -0500
Received: from [96.31.168.206] (helo=mail.parallels.com)
	by mx2.parallels.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.72)
	(envelope-from <rlandley@parallels.com>) id 1Pl7QW-0002To-Oq
	for linux-nfs@vger.kernel.org; Thu, 03 Feb 2011 17:13:20 -0500
Received: from [192.168.2.108] (24.27.19.110) by mail.parallels.com
	(10.255.249.32) with Microsoft SMTP Server (TLS) id 14.1.218.12;
	Thu, 3 Feb 2011 14:13:19 -0800
Message-ID: <4D4B287E.70206@parallels.com>
Date: Thu, 3 Feb 2011 16:13:18 -0600
From: Rob Landley <rlandley@parallels.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
	rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7
MIME-Version: 1.0
To: <linux-nfs@vger.kernel.org>
Subject: [PATCH] Ensure user-supplied string null terminated before kstrdup()
X-Originating-IP: [24.27.19.110]
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]);
	Thu, 03 Feb 2011 22:13:23 +0000 (UTC)


diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index b68c860..0ad1255 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1881,9 +1881,12 @@ static int nfs_validate_mount_data(void *options,
 
 		if (!(data->flags & NFS_MOUNT_TCP))
 			args->nfs_server.protocol = XPRT_TRANSPORT_UDP;
+		/* Force null termination of data->hostname no matter what
+		   user passed in. */
+		args->namlen		= data->namlen;
+		data->namlen = 0;
 		/* N.B. caller will free nfs_server.hostname in all cases */
 		args->nfs_server.hostname = kstrdup(data->hostname, GFP_KERNEL);
-		args->namlen		= data->namlen;
 		args->bsize		= data->bsize;
 
 		if (data->flags & NFS_MOUNT_SECFLAVOUR)