mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-01 10:42:11 +00:00
ceph: validate snapdirname option length when mounting
It becomes a path component, so it shouldn't exceed NAME_MAX
characters. This was hardened in commit c152737be2 ("ceph: Use
strscpy() instead of strcpy() in __get_snap_name()"), but no actual
check was put in place.
Cc: stable@vger.kernel.org
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Alex Markuze <amarkuze@redhat.com>
This commit is contained in:
Ilya Dryomov
parent
550f7ca98e
commit
12eb22a5a6
@ -431,6 +431,8 @@ static int ceph_parse_mount_param(struct fs_context *fc,
|
|||||||
|
|
||||||
switch (token) {
|
switch (token) {
|
||||||
case Opt_snapdirname:
|
case Opt_snapdirname:
|
||||||
|
if (strlen(param->string) > NAME_MAX)
|
||||||
|
return invalfc(fc, "snapdirname too long");
|
||||||
kfree(fsopt->snapdir_name);
|
kfree(fsopt->snapdir_name);
|
||||||
fsopt->snapdir_name = param->string;
|
fsopt->snapdir_name = param->string;
|
||||||
param->string = NULL;
|
param->string = NULL;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user