Re: btrfs: add btrfs_read_policy_to_enum helper and refactor read, policy store

From: Anand Jain
Date: Thu Dec 19 2024 - 14:02:51 EST



Hi,

The changes have already been submitted and will be included in the next re-roll.

https://patchwork.kernel.org/project/linux-btrfs/patch/9fcc9f01bdab846db231b427f98fbb3e9df7c7a5.1734370092.git.anand.jain@xxxxxxxxxx/#26168805


Thanks,
Anand

On 19/12/24 21:10, Colin King (gmail) wrote:
Hi,

Static analysis on linux-next today has found a potential buffer overflow in fs/btrfs/sysfs.c in function btrfs_read_policy_to_enum()

The strcpy to string param has no length checks on str and hence if str is longer than param a buffer overflow on the stack occurs. This can potentially occur when a user writes a long string to the btrfs sysfs file read_policy via btrfs_read_policy_store()

int btrfs_read_policy_to_enum(const char *str, s64 *value)
{
        char param[32] = {'\0'};
        char *__maybe_unused value_str;
        int index;
        bool found = false;

        if (!str || strlen(str) == 0)
                return 0;

        strcpy(param, str);   /* issue here */

    ....
}

Colin