Commit f4a2589f authored by Evgeny Kuznetsov's avatar Evgeny Kuznetsov Committed by Linus Torvalds

cgroups: add check for strcpy destination string overflow

Function "strcpy" is used without check for maximum allowed source string
length and could cause destination string overflow.  Check for string
length is added before using "strcpy".  Function now is return error if
source string length is more than a maximum.

akpm: presently considered NotABug, but add the check for general
future-safeness and robustness.
Signed-off-by: default avatarEvgeny Kuznetsov <EXT-Eugeny.Kuznetsov@nokia.com>
Acked-by: default avatarPaul Menage <menage@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 32a8cf23
...@@ -1922,6 +1922,8 @@ static int cgroup_release_agent_write(struct cgroup *cgrp, struct cftype *cft, ...@@ -1922,6 +1922,8 @@ static int cgroup_release_agent_write(struct cgroup *cgrp, struct cftype *cft,
const char *buffer) const char *buffer)
{ {
BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX); BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX);
if (strlen(buffer) >= PATH_MAX)
return -EINVAL;
if (!cgroup_lock_live_group(cgrp)) if (!cgroup_lock_live_group(cgrp))
return -ENODEV; return -ENODEV;
strcpy(cgrp->root->release_agent_path, buffer); strcpy(cgrp->root->release_agent_path, buffer);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment