staging: lustre: fix buffer overflow of string buffer (9563fe8a) · Commits · e / devices / android_kernel_teracube_2e

drivers/staging/lustre/lnet/klnds/socklnd/socklnd.c

+5 −4

Original line number	Diff line number	Diff line
		@@ -2621,8 +2621,8 @@ ksocknal_enumerate_interfaces(ksock_net_t *net)

		net->ksnn_interfaces[j].ksni_ipaddr = ip;
		net->ksnn_interfaces[j].ksni_netmask = mask;
		strncpy(&net->ksnn_interfaces[j].ksni_name[0],
		names[i], IFNAMSIZ);
		strlcpy(net->ksnn_interfaces[j].ksni_name,
		names[i], sizeof(net->ksnn_interfaces[j].ksni_name));
		j++;
		}

		@@ -2805,8 +2805,9 @@ ksocknal_startup(lnet_ni_t *ni)
		goto fail_1;
		}

		strncpy(&net->ksnn_interfaces[i].ksni_name[0],
		ni->ni_interfaces[i], IFNAMSIZ);
		strlcpy(net->ksnn_interfaces[i].ksni_name,
		ni->ni_interfaces[i],
		sizeof(net->ksnn_interfaces[i].ksni_name));
		}
		net->ksnn_ninterfaces = i;
		}

+8 −6

Original line number	Diff line number	Diff line
		@@ -650,8 +650,8 @@ lnet_parse_route(char str, int im_a_router)
		INIT_LIST_HEAD(&nets);

		/* save a copy of the string for error messages */
		strncpy(cmd, str, sizeof(cmd) - 1);
		cmd[sizeof(cmd) - 1] = 0;
		strncpy(cmd, str, sizeof(cmd));
		cmd[sizeof(cmd) - 1] = '\0';

		sep = str;
		for (;;) {
		@@ -972,11 +972,13 @@ lnet_splitnets(char source, struct list_head nets)
		return 0;

		offset += (int)(sep - tb->ltb_text);
		tb2 = lnet_new_text_buf(strlen(sep));
		len = strlen(sep);
		tb2 = lnet_new_text_buf(len);
		if (tb2 == NULL)
		return -ENOMEM;

		strcpy(tb2->ltb_text, sep);
		strncpy(tb2->ltb_text, sep, len);
		tb2->ltb_text[len] = '\0';
		list_add_tail(&tb2->ltb_list, nets);

		tb = tb2;
		@@ -1021,8 +1023,8 @@ lnet_match_networks(char *networksp, char ip2nets, __u32 *ipaddrs, int nip)
		tb = list_entry(raw_entries.next, struct lnet_text_buf_t,
		ltb_list);

		strncpy(source, tb->ltb_text, sizeof(source)-1);
		source[sizeof(source)-1] = 0;
		strncpy(source, tb->ltb_text, sizeof(source));
		source[sizeof(source)-1] = '\0';

		/* replace ltb_text with the network(s) add on match */
		rc = lnet_match_network_tokens(tb->ltb_text, ipaddrs, nip);

+2 −2

Original line number	Diff line number	Diff line
		@@ -612,8 +612,8 @@ lstcon_sesrpc_prep(lstcon_node_t *nd, int transop,
		msrq = &(*crpc)->crp_rpc->crpc_reqstmsg.msg_body.mksn_reqst;
		msrq->mksn_sid = console_session.ses_id;
		msrq->mksn_force = console_session.ses_force;
		strncpy(msrq->mksn_name, console_session.ses_name,
		strlen(console_session.ses_name));
		strlcpy(msrq->mksn_name, console_session.ses_name,
		sizeof(msrq->mksn_name));
		break;

		case LST_TRANS_SESEND:

+4 −2

Original line number	Diff line number	Diff line
		@@ -1731,7 +1731,8 @@ lstcon_session_new(char *name, int key, unsigned feats,
		console_session.ses_feats_updated = 0;
		console_session.ses_timeout = (timeout <= 0) ?
		LST_CONSOLE_TIMEOUT : timeout;
		strcpy(console_session.ses_name, name);
		strlcpy(console_session.ses_name, name,
		sizeof(console_session.ses_name));

		rc = lstcon_batch_add(LST_DEFAULT_BATCH);
		if (rc != 0)
		@@ -1951,7 +1952,8 @@ lstcon_acceptor_handle(struct srpc_server_rpc *rpc)
		if (grp->grp_userland == 0)
		grp->grp_userland = 1;

		strcpy(jrep->join_session, console_session.ses_name);
		strlcpy(jrep->join_session, console_session.ses_name,
		sizeof(jrep->join_session));
		jrep->join_timeout = console_session.ses_timeout;
		jrep->join_status = 0;

+1 −0

Original line number	Diff line number	Diff line
		@@ -68,6 +68,7 @@
		everything as string options */

		#define LMD_MAGIC 0xbdacbd03
		#define LMD_PARAMS_MAXLEN 4096

		/* gleaned from the mount command - no persistent info here */
		struct lustre_mount_data {