Re: [PATCH] ext4: Don't leak old mountpoint samples

From: Richard Weinberger
Date: Thu Dec 17 2020 - 16:16:36 EST


----- Ursprüngliche Mail -----
>> Fix this by using strncpy() instead of strlcpy(). The superblock
>> field is defined to be a fixed-size char array, and it is already
>> marked using __nonstring in fs/ext4/ext4.h. The consumer of the field
>> in e2fsprogs already assumes that in the case of a 64+ byte mount
>> path, that s_last_mounted will not be NUL terminated.
>>
>> Reported-by: Richard Weinberger <richard@xxxxxx>
>> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
>
> Color me confused, but I don't see how this change makes any difference?
> If "cp" is only "/" then it will *still* not overwrite "edia/johnjdeveloper"
> at the end of the s_last_mounted array. To my mind, the only difference
> between using strlcpy() and strncpy() would be whether the last byte in
> the array can be used or not, but doesn't affect the remaining bytes.

strncpy() zeros all remaining bytes.

Thanks,
//richard