Re: [PATCHv3] Fix range checks in kernfs_get_target_path
From: Tejun Heo
Date: Mon Aug 27 2018 - 10:03:23 EST
On Sun, Aug 26, 2018 at 10:55:24AM +0000, Bernd Edlinger wrote:
> Ping...
> Sorry, I had actually completely forgotten about this one.
>
> On 07/07/18 19:52, Bernd Edlinger wrote:
> > The terminating NUL byte is only there because the buffer is
> > allocated with kzalloc(PAGE_SIZE, GFP_KERNEL), but since the
> > range-check is off-by-one, and PAGE_SIZE==PATH_MAX, the
> > returned string may not be zero-terminated if it is exactly
> > PATH_MAX characters long. Furthermore also the initial loop
> > may theoretically exceed PATH_MAX and cause a fault.
> >
> > Signed-off-by: Bernd Edlinger <bernd.edlinger@xxxxxxxxxx>
Acked-by: Tejun Heo <tj@xxxxxxxxxx>
Thanks.
--
tejun