• Kees Cook's avatar
    NFS: Avoid memcpy() run-time warning for struct sockaddr overflows · cf0d7e7f
    Kees Cook authored
    The 'nfs_server' and 'mount_server' structures include a union of
    'struct sockaddr' (with the older 16 bytes max address size) and
    'struct sockaddr_storage' which is large enough to hold all the
    supported sa_family types (128 bytes max size). The runtime memcpy()
    buffer overflow checker is seeing attempts to write beyond the 16
    bytes as an overflow, but the actual expected size is that of 'struct
    sockaddr_storage'. Plumb the use of 'struct sockaddr_storage' more
    completely through-out NFS, which results in adjusting the memcpy()
    buffers to the correct union members. Avoids this false positive run-time
    warning under CONFIG_FORTIFY_SOURCE:
    
      memcpy: detected field-spanning write (size 28) of single field "&ctx->nfs_server.address" at fs/nfs/namespace.c:178 (size 16)
    Reported-by: default avatarkernel test robot <yujie.liu@intel.com>
    Link: https://lore.kernel.org/all/202210110948.26b43120-yujie.liu@intel.com
    Cc: Trond Myklebust <trond.myklebust@hammerspace.com>
    Cc: Anna Schumaker <anna@kernel.org>
    Cc: linux-nfs@vger.kernel.org
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
    cf0d7e7f
nfs3client.c 3.24 KB