Re: [PATCH v3 2/2] binder: Validate the default binderfs device names.
From: Greg Kroah-Hartman
Date: Fri Aug 09 2019 - 10:55:12 EST
On Thu, Aug 08, 2019 at 03:27:26PM -0700, Hridya Valsaraju wrote:
> Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME.
> This patch adds a check in binderfs_init() to ensure the same
> for the default binder devices that will be created in every
> binderfs instance.
>
> Co-developed-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
> Signed-off-by: Hridya Valsaraju <hridya@xxxxxxxxxx>
> ---
> drivers/android/binderfs.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
> index aee46dd1be91..55c5adb87585 100644
> --- a/drivers/android/binderfs.c
> +++ b/drivers/android/binderfs.c
> @@ -570,6 +570,18 @@ static struct file_system_type binder_fs_type = {
> int __init init_binderfs(void)
> {
> int ret;
> + const char *name;
> + size_t len;
> +
> + /* Verify that the default binderfs device names are valid. */
And by "valid" you only mean "not bigger than BINDERFS_MAX_NAME", right?
> + name = binder_devices_param;
> + for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) {
> + if (len > BINDERFS_MAX_NAME)
> + return -E2BIG;
> + name += len;
> + if (*name == ',')
> + name++;
> + }
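
Review bot: the `len > 0` condition in the `for` statement ends the scan at the first empty token, so with a leading comma or two consecutive commas in binder_devices_param the names after that point are never compared against BINDERFS_MAX_NAME. Suggest looping while `*name` is non-zero and skipping zero-length tokens, so that every name in the list is checked before init_binderfs() continues.
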
We already tokenize the binderfs device names in binder_init(), why not
check this there instead? Parsing the same string over and over isn't
the nicest.
thanks,
greg k-h
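
Added example, not part of the original message or of the binder driver: a userspace C sketch of the single-pass approach suggested in the reply above, where each device name is length-checked at the moment it is tokenized. The names `for_each_device_name`, `name_cb`, `count_name` and the `MAX_NAME` value are assumptions of this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit for this sketch; the kernel defines BINDERFS_MAX_NAME itself. */
#define MAX_NAME 255

/* Hypothetical callback, invoked once per validated device name. */
typedef int (*name_cb)(const char *name, size_t len, void *ctx);

/*
 * Walk a comma-separated list exactly once. Empty tokens are skipped
 * instead of ending the walk, so every name is length-checked before
 * the callback sees it. Returns 0 on success, -E2BIG for an over-long
 * name, or the callback's own error.
 */
static int for_each_device_name(const char *list, name_cb cb, void *ctx)
{
	const char *p = list;

	while (*p) {
		size_t len = strcspn(p, ",");

		if (len > MAX_NAME)
			return -E2BIG;
		if (len > 0 && cb) {
			int ret = cb(p, len, ctx);

			if (ret)
				return ret;
		}
		p += len;
		if (*p == ',')
			p++;
	}
	return 0;
}

/* Sample callback: count the names that passed validation. */
static int count_name(const char *name, size_t len, void *ctx)
{
	(void)name;
	(void)len;
	++*(int *)ctx;
	return 0;
}
```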