ksmbd: fix __write_overflow warning in ndr_read_string
authorNamjae Jeon <namjae.jeon@samsung.com>
Fri, 27 Aug 2021 01:18:05 +0000 (10:18 +0900)
committerSteve French <stfrench@microsoft.com>
Fri, 27 Aug 2021 19:03:49 +0000 (14:03 -0500)
Dan reported __write_overflow warning in ndr_read_string.

  CC [M]  fs/ksmbd/ndr.o
In file included from ./include/linux/string.h:253,
                 from ./include/linux/bitmap.h:11,
                 from ./include/linux/cpumask.h:12,
                 from ./arch/x86/include/asm/cpumask.h:5,
                 from ./arch/x86/include/asm/msr.h:11,
                 from ./arch/x86/include/asm/processor.h:22,
                 from ./arch/x86/include/asm/cpufeature.h:5,
                 from ./arch/x86/include/asm/thread_info.h:53,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/spinlock.h:55,
                 from ./include/linux/wait.h:9,
                 from ./include/linux/wait_bit.h:8,
                 from ./include/linux/fs.h:6,
                 from fs/ksmbd/ndr.c:7:
In function memcpy,
    inlined from ndr_read_string at fs/ksmbd/ndr.c:86:2,
    inlined from ndr_decode_dos_attr at fs/ksmbd/ndr.c:167:2:
./include/linux/fortify-string.h:219:4: error: call to __write_overflow
declared with attribute error: detected write beyond size of object
    __write_overflow();
    ^~~~~~~~~~~~~~~~~~

This seems to be a false alarm because the size of hex_attr is always
smaller than n->length. This patch fixes the warning by allocating
hex_attr with n->length bytes.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
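--- a/fs/ksmbd/ndr.c
+++ b/fs/ksmbd/ndr.c
@@ -160,11 +160,16 @@ int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da)
 
 int ndr_decode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da)
 {
-       char hex_attr[12] = {0};
+       char *hex_attr;
        int version2;
 
+       hex_attr = kzalloc(n->length, GFP_KERNEL);
+       if (!hex_attr)
+               return -ENOMEM;
+
        n->offset = 0;
-       ndr_read_string(n, hex_attr, n->length - n->offset);
+       ndr_read_string(n, hex_attr, n->length);
+       kfree(hex_attr);
        da->version = ndr_read_int16(n);
 
        if (da->version != 3 && da->version != 4) {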
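Review bot: In ndr_decode_dos_attr the new hex_attr buffer is sized by n->length, filled by ndr_read_string and freed on the next line without ever being read, so the allocation exists only to give the copy a destination. If n->length reflects the size of an xattr read from disk (not visible in this hunk), the allocation size follows stored data, and the fixed 12-byte buffer it replaces could have been overrun by a longer string rather than the warning being a false alarm. Since the string is only skipped, I would let ndr_read_string advance n->offset without copying when the destination is NULL and call `ndr_read_string(n, NULL, n->length);`, which drops the kzalloc/kfree pair and the -ENOMEM path. Nothing visible here checks that n->offset stays within n->length before `ndr_read_int16(n)`; the function body continues past the hunk, so that check may exist elsewhere.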