Re: [uml-devel] [PATCH 07/15] hostfs: Remove open coded strcpy()

From: Geert Uytterhoeven
Date: Mon Mar 16 2015 - 08:03:20 EST


On Mon, Mar 16, 2015 at 12:41 PM, Richard Weinberger <richard@xxxxxx> wrote:
> --- a/fs/hostfs/hostfs_kern.c
> +++ b/fs/hostfs/hostfs_kern.c
> @@ -105,11 +105,10 @@ static char *__dentry_name(struct dentry *dentry, char *name)

This code looks fishy to me...

First we have:

len = strlen(root);
strlcpy(name, root, PATH_MAX);

(I notice the code used strncpy() before. One difference with strlcpy()
is that strncpy() fills the remaining of the destination buffer with zeroes.)

Then:

> __putname(name);
> return NULL;
> }
> - if (p > name + len) {
> - char *s = name + len;

Unless strlcpy() truncated the string (which is unlikely, as root
cannot be longer
than PATH_MAX?), s = name + len now points to the zero terminator.
So the below would copy just one single byte:

> - while ((*s++ = *p++) != '\0')
> - ;
> - }
> +
> + if (p > name + len)
> + strcpy(name + len, p);
> +

What is this code really supposed to do?

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/