fs: dlm: fix potential buffer overflow
authorAlexander Aring <aahringo@redhat.com>
Fri, 12 Nov 2021 15:08:01 +0000 (10:08 -0500)
committerDavid Teigland <teigland@redhat.com>
Fri, 12 Nov 2021 15:38:19 +0000 (09:38 -0600)
This patch fixes an potential overflow in sscanf and the maximum
declared string parsing length which seems to be excluding the null
termination symbol. This patch will just add one byte to be prepared on
a string with length of DLM_RESNAME_MAXLEN including the null
termination symbol.

Fixes: 5054e79de999 ("fs: dlm: add lkb debugfs functionality")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
fs/dlm/debug_fs.c

index df6f3f107be4f190fbd3b4cde2ee90ecb228030d..8fb04ebbafb5d0f547c4ed775339d2a5f921f1cd 100644 (file)
@@ -640,7 +640,7 @@ static ssize_t table_write2(struct file *file, const char __user *user_buf,
 {
        struct seq_file *seq = file->private_data;
        int n, len, lkb_nodeid, lkb_status, error;
-       char name[DLM_RESNAME_MAXLEN] = {};
+       char name[DLM_RESNAME_MAXLEN + 1] = {};
        struct dlm_ls *ls = seq->private;
        unsigned int lkb_flags;
        char buf[256] = {};