Re: btrfs: add btrfs_read_policy_to_enum helper and refactor read, policy store
From: Anand Jain
Date: Thu Dec 19 2024 - 14:02:51 EST
Hi,
The changes have already been submitted and will be included in the
next re-roll.
https://patchwork.kernel.org/project/linux-btrfs/patch/9fcc9f01bdab846db231b427f98fbb3e9df7c7a5.1734370092.git.anand.jain@xxxxxxxxxx/#26168805
Thanks,
Anand
On 19/12/24 21:10, Colin King (gmail) wrote:
Hi,
Static analysis on linux-next today has found a potential buffer
overflow in fs/btrfs/sysfs.c in function btrfs_read_policy_to_enum()
The strcpy to string param has no length checks on str and hence if str
is longer than param a buffer overflow on the stack occurs. This can
potentially occur when a user writes a long string to the btrfs sysfs
file read_policy via btrfs_read_policy_store()
int btrfs_read_policy_to_enum(const char *str, s64 *value)
{
char param[32] = {'\0'};
char *__maybe_unused value_str;
int index;
bool found = false;
if (!str || strlen(str) == 0)
return 0;
strcpy(param, str); /* issue here */
....
}
Colin