sunrpc: set cl_nodelen correctly when nodename truncated.
diff mbox

Message ID 87r30nsu2o.fsf@notabene.neil.brown.name
State New
Headers show

Commit Message

NeilBrown April 20, 2017, 2:15 a.m. UTC
rpc_clnt_set_nodename() appears to assume that the return
value from strlcpy() is the size of the copied string.  It
is not.  It is the size of the string that strlcpy() was
asked to copy.  If truncation happened, the return value
will be longer than the buffer.

So we need to compare the returned value with the buffer size-1
and record the smaller of the two.

Signed-off-by: NeilBrown <neilb@suse.com>
---
 net/sunrpc/clnt.c | 3 +++
 1 file changed, 3 insertions(+)

Patch
diff mbox

diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index b5cb921775a0..b62ab1a7bb98 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -287,6 +287,9 @@  static void rpc_clnt_set_nodename(struct rpc_clnt *clnt, const char *nodename)
 {
 	clnt->cl_nodelen = strlcpy(clnt->cl_nodename,
 			nodename, sizeof(clnt->cl_nodename));
+	if (clnt->cl_nodelen >= sizeof(clnt->cl_nodename))
+		/* nodename was truncated... */
+		clnt->cl_nodelen = sizeof(clnt->cl_nodelen) - 1;
 }
 
 static int rpc_client_register(struct rpc_clnt *clnt,