| Message ID | 87r30nsu2o.fsf@notabene.neil.brown.name (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c index b5cb921775a0..b62ab1a7bb98 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -287,6 +287,9 @@ static void rpc_clnt_set_nodename(struct rpc_clnt *clnt, const char *nodename) { clnt->cl_nodelen = strlcpy(clnt->cl_nodename, nodename, sizeof(clnt->cl_nodename)); + if (clnt->cl_nodelen >= sizeof(clnt->cl_nodename)) + /* nodename was truncated... */ + clnt->cl_nodelen = sizeof(clnt->cl_nodelen) - 1; } static int rpc_client_register(struct rpc_clnt *clnt,
rpc_clnt_set_nodename() appears to assume that the return value from strlcpy() is the size of the copied string. It is not. It is the size of the string that strlcpy() was asked to copy. If truncation happened, the return value will be longer than the buffer. So we need to compare the returned value with the buffer size-1 and record the smaller of the two. Signed-off-by: NeilBrown <neilb@suse.com> --- net/sunrpc/clnt.c | 3 +++ 1 file changed, 3 insertions(+)