tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

afs: Fix storage of cell names

The cell name stored in the afs_cell struct is a 64-char + NUL buffer -
when it needs to be able to handle up to AFS_MAXCELLNAME (256 chars) + NUL.

Fix this by changing the array to a pointer and allocating the string.

Found using Coverity.

Fixes: 989782dcdc91 ("afs: Overhaul cell database management")
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

David Howells and committed by
Linus Torvalds 719fdd32 916a3b0f

+10 -1
+9
fs/afs/cell.c
··· 154 154 return ERR_PTR(-ENOMEM); 155 155 } 156 156 157 + cell->name = kmalloc(namelen + 1, GFP_KERNEL); 158 + if (!cell->name) { 159 + kfree(cell); 160 + return ERR_PTR(-ENOMEM); 161 + } 162 + 157 163 cell->net = net; 158 164 cell->name_len = namelen; 159 165 for (i = 0; i < namelen; i++) 160 166 cell->name[i] = tolower(name[i]); 167 + cell->name[i] = 0; 161 168 162 169 atomic_set(&cell->usage, 2); 163 170 INIT_WORK(&cell->manager, afs_manage_cell); ··· 214 207 if (ret == -EINVAL) 215 208 printk(KERN_ERR "kAFS: bad VL server IP address\n"); 216 209 error: 210 + kfree(cell->name); 217 211 kfree(cell); 218 212 _leave(" = %d", ret); 219 213 return ERR_PTR(ret); ··· 497 489 afs_put_vlserverlist(cell->net, rcu_access_pointer(cell->vl_servers)); 498 490 afs_put_cell(cell->net, cell->alias_of); 499 491 key_put(cell->anonymous_key); 492 + kfree(cell->name); 500 493 kfree(cell); 501 494 502 495 _leave(" [destroyed]");
+1 -1
fs/afs/internal.h
··· 388 388 struct afs_vlserver_list __rcu *vl_servers; 389 389 390 390 u8 name_len; /* Length of name */ 391 - char name[64 + 1]; /* Cell name, case-flattened and NUL-padded */ 391 + char *name; /* Cell name, case-flattened and NUL-padded */ 392 392 }; 393 393 394 394 /*