diff mbox series

ceph: validate snapdirname option length when mounting

Message ID 20241207193511.104802-1-idryomov@gmail.com
State New
Headers show
Series ceph: validate snapdirname option length when mounting | expand

Commit Message

Ilya Dryomov Dec. 7, 2024, 7:35 p.m. UTC
It becomes a path component, so it shouldn't exceed NAME_MAX
characters.  This was hardened in commit c152737be22b ("ceph: Use
strscpy() instead of strcpy() in __get_snap_name()"), but no actual
check was put in place.

Cc: stable@vger.kernel.org
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 fs/ceph/super.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Viacheslav Dubeyko Dec. 9, 2024, 6:39 p.m. UTC | #1
On Sat, 2024-12-07 at 20:35 +0100, Ilya Dryomov wrote:
> It becomes a path component, so it shouldn't exceed NAME_MAX
> characters.  This was hardened in commit c152737be22b ("ceph: Use
> strscpy() instead of strcpy() in __get_snap_name()"), but no actual
> check was put in place.
> 
> Cc: stable@vger.kernel.org
> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
> ---
>  fs/ceph/super.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/ceph/super.c b/fs/ceph/super.c
> index cfe21f320f4a..f86fc5fb858a 100644
> --- a/fs/ceph/super.c
> +++ b/fs/ceph/super.c
> @@ -431,6 +431,8 @@ static int ceph_parse_mount_param(struct
> fs_context *fc,
>  
>  	switch (token) {
>  	case Opt_snapdirname:
> +		if (strlen(param->string) > NAME_MAX)
> +			return invalfc(fc, "snapdirname too long");

This check makes sense to me. :) Looks really good!

Thanks,
Slava.


>  		kfree(fsopt->snapdir_name);
>  		fsopt->snapdir_name = param->string;
>  		param->string = NULL;
diff mbox series

Patch

diff --git a/fs/ceph/super.c b/fs/ceph/super.c
index cfe21f320f4a..f86fc5fb858a 100644
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -431,6 +431,8 @@  static int ceph_parse_mount_param(struct fs_context *fc,
 
 	switch (token) {
 	case Opt_snapdirname:
+		if (strlen(param->string) > NAME_MAX)
+			return invalfc(fc, "snapdirname too long");
 		kfree(fsopt->snapdir_name);
 		fsopt->snapdir_name = param->string;
 		param->string = NULL;