On Wed, Jan 07, 2009 at 07:22:58PM -0500, jim owens wrote:
> Josef Bacik wrote:
>> On Wed, Jan 07, 2009 at 03:19:38PM -0500, jim owens wrote:
>>> +int btrfs_xattr_security_init(struct inode *inode, struct inode *dir)
>>> +{
>>> + int err;
>>> + size_t len;
>>> + void *value;
>>> + char *suffix;
>>> + char *name;
>>> +
>>> + err = security_inode_init_security(inode, dir, &suffix, &value, &len);
>>> + if (err) {
>>> + if (err == -EOPNOTSUPP)
>>> + return 0;
>>> + return err;
>>> + }
>>> +
>>> + name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(suffix) + 1,
>>> + GFP_NOFS);
>>
>> Use kzalloc here otherwise the end of name could be some random thing and
>> strlen() will read past the end of the memory. Thanks,
>
> I don't understand what you think can happen...
>
> + strcpy(name, XATTR_SECURITY_PREFIX);
> + strcpy(name + XATTR_SECURITY_PREFIX_LEN, suffix);
>
> always forces "name" to be \0 terminated.
>
Oh derr sorry I forget suffix is \0 terminated. Nevermind.
Josef
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
