Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 97ce0a7f authored by Dan Williams's avatar Dan Williams Committed by NeilBrown
Browse files

md: fix input truncation in safe_delay_store() 



safe_delay_store() currently truncates the last character of input since
it tells strlcpy that the buffer can only hold 'len' characters, off by
one.  sysfs already null terminates the buffer, so just increase the
last argument to strlcpy.

Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
Signed-off-by: default avatarNeilBrown <neilb@suse.de>
parent 08ff39f1

drivers/md/md.c

+3 −5
Original line number Diff line number Diff line
@@ -2394,12 +2394,11 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len) 
	int i;

	unsigned long msec;

	char buf[30];

	char *e;



	/* remove a period, and count digits after it */

	if (len >= sizeof(buf))

		return -EINVAL;

	strlcpy(buf, cbuf, len);

	buf[len] = 0;

	strlcpy(buf, cbuf, sizeof(buf));

	for (i=0; i<len; i++) {

		if (dot) {

			if (isdigit(buf[i])) {
@@ -2412,8 +2411,7 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len) 
			buf[i] = 0;

		}

	}

	msec = simple_strtoul(buf, &e, 10);

	if (e == buf || (*e && *e != '\n'))

	if (strict_strtoul(buf, 10, &msec) < 0)

		return -EINVAL;

	msec = (msec * 1000) / scale;

	if (msec == 0)