Re: [PATCH 1/1] initramfs: strcpy destination string overflow

[Al Viro]

On Tue, Oct 05, 2010 at 08:55:01AM -0700, Linus Torvalds wrote:

> I think this is wrong.
> 
> If the name is too long to fit in the hash table, we should not create
> a new hash entry at all, because we'd be returning the wrong
> (truncated) name when we find it next time.
> 
> So it would be much better to just do
> 
>    if (strlen(name) >= sizeof(q->name))
>       return NULL;
> 
> in find_link(), because as far as I can tell, the hard-linking is
> always just an optimization.
> 
> Comments? Peter?

Take a look at struct hash definition.  That sizeof is PATH_MAX and
do_header() will reject an entry with name longer than that.  IOW,
the whole thing is a non-issue; we can add
	if (strlen(name) >= PATH_MAX)
		BUG();
if we really care, but that's it.

As a side note, it looks like we need a fat warning about blind "improvements"
of that kind in CodingStyle; cargo-cult replacements like that can easily
hide real bugs... ;-/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/