From 352f2c9a570d38bced287a273e79dccae7c5ef41 Mon Sep 17 00:00:00 2001
From: Aurelien Aptel <aaptel@suse.com>
Date: Mon, 16 Sep 2019 05:45:42 +0200
Subject: cifs: cifsroot: add more err checking

make cifs more verbose about buffer size errors
and add some comments

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/cifsroot.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'fs')

diff --git a/fs/cifs/cifsroot.c b/fs/cifs/cifsroot.c
index 8760d9cbf25e..37edbfb8e096 100644
--- a/fs/cifs/cifsroot.c
+++ b/fs/cifs/cifsroot.c
@@ -24,6 +24,7 @@ static char root_opts[1024] __initdata = DEFAULT_MNT_OPTS;
 
 static __be32 __init parse_srvaddr(char *start, char *end)
 {
+	/* TODO: ipv6 support */
 	char addr[sizeof("aaa.bbb.ccc.ddd")];
 	int i = 0;
 
@@ -50,14 +51,24 @@ static int __init cifs_root_setup(char *line)
 		if (!s || s[1] == '\0')
 			return 1;
 
+		/* make s point to ',' or '\0' at end of line */
 		s = strchrnul(s, ',');
+		/* len is strlen(unc) + '\0' */
 		len = s - line + 1;
-		if (len <= sizeof(root_dev)) {
-			strlcpy(root_dev, line, len);
-			srvaddr = parse_srvaddr(&line[2], s);
-			if (*s) {
-				snprintf(root_opts, sizeof(root_opts), "%s,%s",
+		if (len > sizeof(root_dev)) {
+			printk(KERN_ERR "Root-CIFS: UNC path too long\n");
+			return 1;
+		}
+		strlcpy(root_dev, line, len);
+		srvaddr = parse_srvaddr(&line[2], s);
+		if (*s) {
+			int n = snprintf(root_opts,
+					 sizeof(root_opts), "%s,%s",
 					 DEFAULT_MNT_OPTS, s + 1);
+			if (n >= sizeof(root_opts)) {
+				printk(KERN_ERR "Root-CIFS: mount options string too long\n");
+				root_opts[sizeof(root_opts)-1] = '\0';
+				return 1;
 			}
 		}
 	}
-- 
cgit