From patchwork Sat Jul 10 09:51:54 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 58467 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id E0700B6F06 for ; Sat, 10 Jul 2010 19:53:56 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753989Ab0GJJxd (ORCPT ); Sat, 10 Jul 2010 05:53:33 -0400 Received: from mail-fx0-f46.google.com ([209.85.161.46]:41035 "EHLO mail-fx0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753361Ab0GJJxb (ORCPT ); Sat, 10 Jul 2010 05:53:31 -0400 Received: by fxm14 with SMTP id 14so1548135fxm.19 for ; Sat, 10 Jul 2010 02:53:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:mail-followup-to:mime-version:content-type :content-disposition:user-agent; bh=Bs+xovnDd64jxvICDddgJ4Uq8Q9U9XTMCzaEgmGZI48=; b=GmwIYGJcUfP51T0HrWiSiF4NB154goaGIO/fsHuOquSfjI83LE1j4YE/GROnefLv4x 5r15kAVop0qdWSlPNnKWE1KL2Jse4RXfqgo9bnUzR6xKP1ldYktudzL00w+n1VmcPeJr j2dAAN1nxrwQsQSg7D+2C3cFfE1OgH6VIrA/Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:mail-followup-to:mime-version :content-type:content-disposition:user-agent; b=qqSlcG7bDyVCpCUBwko36RqePL208OVfylhheKdPJ7IzpfnHwph/yE47Dm0elr1hXP Q3XPcpWNYVLejiLfl5ogwhIWSkHhwNSVPBG3PjPqeTPP6Bz74wyqg86ZZSPGdh4dmcXj jzQiV1UcFKmyT9yRv70Enu1wkRskqliIoPebg= Received: by 10.86.51.19 with SMTP id y19mr7625656fgy.65.1278755609791; Sat, 10 Jul 2010 02:53:29 -0700 (PDT) Received: from bicker ([205.177.176.130]) by mx.google.com with ESMTPS id 8sm3953029fau.4.2010.07.10.02.53.17 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 10 Jul 2010 02:53:29 -0700 (PDT) Date: Sat, 10 Jul 2010 11:51:54 +0200 From: Dan Carpenter To: Eric Van Hensbergen Cc: "David S. Miller" , Abhishek Kulkarni , Venkateswararao Jujjuri , linux-kernel@vger.kernel.org, Tilman Sauerbeck , netdev@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [patch] 9p: strlen() doesn't count the terminator Message-ID: <20100710095154.GU19184@bicker> Mail-Followup-To: Dan Carpenter , Eric Van Hensbergen , "David S. Miller" , Abhishek Kulkarni , Venkateswararao Jujjuri , linux-kernel@vger.kernel.org, Tilman Sauerbeck , netdev@vger.kernel.org, kernel-janitors@vger.kernel.org MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This is an off by one bug because strlen() doesn't count the NULL terminator. We strcpy() addr into a fixed length array of size UNIX_PATH_MAX later on. The addr variable is the name of the device being mounted. CC: stable@kernel.org Signed-off-by: Dan Carpenter --- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 98ce9bc..c85109d 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -948,7 +948,7 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args) csocket = NULL; - if (strlen(addr) > UNIX_PATH_MAX) { + if (strlen(addr) >= UNIX_PATH_MAX) { P9_EPRINTK(KERN_ERR, "p9_trans_unix: address too long: %s\n", addr); return -ENAMETOOLONG;