ceph: validate snapdirname option length when mounting
BugLink: https://bugs.launchpad.net/bugs/2102266 commit 12eb22a5a609421b380c3c6ca887474fb2089b2c upstream. It becomes a path component, so it shouldn't exceed NAME_MAX characters. This was hardened in commit c152737be22b ("ceph: Use strscpy() instead of strcpy() in __get_snap_name()"), but no actual check was put in place. Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Alex Markuze <amarkuze@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Koichiro Den <koichiro.den@canonical.com> Signed-off-by: Mehmet Basaran <mehmet.basaran@canonical.com>
This commit is contained in:
committed by
Mehmet Basaran
parent
f93227c614
commit
71fc6636ff
@@ -430,6 +430,8 @@ static int ceph_parse_mount_param(struct fs_context *fc,
|
||||
|
||||
switch (token) {
|
||||
case Opt_snapdirname:
|
||||
if (strlen(param->string) > NAME_MAX)
|
||||
return invalfc(fc, "snapdirname too long");
|
||||
kfree(fsopt->snapdir_name);
|
||||
fsopt->snapdir_name = param->string;
|
||||
param->string = NULL;
|
||||
|
||||
Reference in New Issue
Block a user