26 lines
971 B
Diff
26 lines
971 B
Diff
From: Ben Hutchings <ben@decadent.org.uk>
|
|
Date: Sun, 04 Oct 2009 14:25:50 +0100
|
|
Subject: [PATCH] nfs: Avoid overrun when copying client IP address string
|
|
|
|
As seen in <http://bugs.debian.org/549002>, nfs4_init_client() can
|
|
overrun the source string when copying the client IP address from
|
|
nfs_parsed_mount_data::client_address to nfs_client::cl_ipaddr. Since
|
|
these are both treated as null-terminated strings elsewhere, the copy
|
|
should be done with strlcpy() not memcpy().
|
|
|
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
---
|
|
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
|
|
index 75c9cd2..f525a2f 100644
|
|
--- a/fs/nfs/client.c
|
|
+++ b/fs/nfs/client.c
|
|
@@ -1073,7 +1073,7 @@ static int nfs4_init_client(struct nfs_client *clp,
|
|
1, flags & NFS_MOUNT_NORESVPORT);
|
|
if (error < 0)
|
|
goto error;
|
|
- memcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
|
|
+ strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
|
|
|
|
error = nfs_idmap_new(clp);
|
|
if (error < 0) {
|