leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b25b60d7bf
linux/net/sunrpc
History
Christophe JAILLET b25b60d7bf SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' 
'maxlen' is the total size of the destination buffer. There is only one
caller and this value is 256.

When we compute the size already used and what we would like to add in
the buffer, the trailling NULL character is not taken into account.
However, this trailling character will be added by the 'strcat' once we
have checked that we have enough place.

So, there is a off-by-one issue and 1 byte of the stack could be
erroneously overwridden.

Take into account the trailling NULL, when checking if there is enough
place in the destination buffer.


While at it, also replace a 'sprintf' by a safer 'snprintf', check for
output truncation and avoid a superfluous 'strlen'.

Fixes: dc9a16e49d ("svc: Add /proc/sys/sunrpc/transport files")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ cel: very minor fix to documenting comment
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2020-03-27 12:22:57 -04:00
..
auth_gss nfsd: export upcalls must not return ESTALE when mountd is down 2020-03-16 12:04:33 -04:00
xprtrdma svcrdma: Avoid DMA mapping small RPC Replies 2020-03-16 12:04:33 -04:00
addr.c SUNRPC: Use kmemdup_nul() in rpc_parse_scope_id() 2020-02-03 16:35:07 -05:00
auth_null.c SUNRPC: Add rpc_auth::au_ralign field 2019-02-14 11:48:36 -05:00
auth_unix.c SUNRPC: Use the client user namespace when encoding creds 2019-04-26 16:24:32 -04:00
auth.c SUNRPC: Remove broken gss_mech_list_pseudoflavors() 2020-01-15 10:54:32 -05:00
backchannel_rqst.c SUNRPC: Destroy the back channel when we destroy the host transport 2019-10-30 12:04:35 -04:00
cache.c sunrpc: Add tracing for cache events 2020-03-16 12:04:34 -04:00
clnt.c svcrdma: Create a generic tracing class for displaying xdr_buf layout 2020-03-16 12:04:32 -04:00
debugfs.c NFS client updates for Linux 5.3 2019-07-18 14:32:33 -07:00
Kconfig SUNRPC: Drop redundant CONFIG_ from CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES 2019-07-06 14:54:53 -04:00
Makefile SUNRPC: remove generic cred code. 2018-12-19 13:52:46 -05:00
netns.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rpc_pipe.c kernel/notifier.c: remove blocking_notifier_chain_cond_register() 2019-12-04 19:44:12 -08:00
rpcb_clnt.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
sched.c SUNRPC: Capture signalled RPC tasks 2020-01-15 10:54:31 -05:00
socklib.c SUNRPC: Refactor xs_sendpages() 2020-03-16 12:04:33 -04:00
socklib.h SUNRPC: Refactor xs_sendpages() 2020-03-16 12:04:33 -04:00
stats.c proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
sunrpc_syms.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
sunrpc.h SUNRPC: Teach server to use xprt_sock_sendmsg for socket sends 2020-03-16 12:04:33 -04:00
svc_xprt.c SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' 2020-03-27 12:22:57 -04:00
svc.c SUNRPC: Teach server to use xprt_sock_sendmsg for socket sends 2020-03-16 12:04:33 -04:00
svcauth_unix.c nfsd: export upcalls must not return ESTALE when mountd is down 2020-03-16 12:04:33 -04:00
svcauth.c SUNRPC: Trace gssproxy upcall results 2019-10-30 16:32:07 -04:00
svcsock.c SUNRPC: Teach server to use xprt_sock_sendmsg for socket sends 2020-03-16 12:04:33 -04:00
sysctl.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
timer.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
xdr.c SUNRPC: constify copied structure 2020-01-15 10:54:31 -05:00
xprt.c svcrdma: Create a generic tracing class for displaying xdr_buf layout 2020-03-16 12:04:32 -04:00
xprtmultipath.c SUNRPC: Optimise transport balancing code 2019-07-18 14:43:52 -04:00
xprtsock.c SUNRPC: Teach server to use xprt_sock_sendmsg for socket sends 2020-03-16 12:04:33 -04:00