|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On 02/03/2010 08:45 AM, Colin McCabe wrote:
When we create a static buffer for an inode name, and treat it like a null-terminated string, it needs to be of length CLD_INODE_NAME_MAX + 1 so that it can hold the NULL-terminator. In cldc_del and cldc_open, we should check that the user-submitted inode name is less than or equal to CLD_INODE_NAME_MAX. Formerly we were just checking that it wasn't too big to fit in the packet. When copying the inode name out of struct cld_dirent_cur, use snprintf rather than strcpy to ensure that we never overflow the buffer. This isn't strictly necessary if all other checks are working perfectly, but it seems prudent. Signed-off-by: Colin McCabe<cmccabe@xxxxxxxxxxxxxx>
applied, after s/snprintf/strncpy/In general, too, you should never pass a variable string into snprintf, as that may make a program vulnerable to printf format string attacks (user supplies "%s" as a username, for example).
A few other changes made to your XDR work:* "\n" removed from log messages, as that is appended as needed by log implementation
* user_key() restored. that is our authentication hook, and it must be called, even though it merely returns the username passed to it at present.
* msg type renamed back to msg op Jeff -- To unsubscribe from this list: send the line "unsubscribe hail-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html