Skip to content

Commit 44633a5

Browse files
caringicaringi
committed
Merge: CVE-2024-54456: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/6448 JIRA: https://issues.redhat.com/browse/RHEL-81064 CVE: CVE-2024-54456 ``` commit 49fd4e3 Author: Zichen Xie <[email protected]> Date: Wed Dec 18 00:13:12 2024 +0800 NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remains unknown. Invoking strcat() directly will also lead to potential buffer overflow. Change them to strscpy() and strncat() to fix potential issues. Signed-off-by: Zichen Xie <[email protected]> Reviewed-by: Benjamin Coddington <[email protected]> Signed-off-by: Anna Schumaker <[email protected]>``` Signed-off-by: CKI Backport Bot <[email protected]> --- <small>Created 2025-02-27 09:10 UTC by backporter - [KWF FAQ](https://red.ht/kernel_workflow_doc) - [Slack #team-kernel-workflow](https://redhat-internal.slack.com/archives/C04LRUPMJQ5) - [Source](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/utils/backporter.py) - [Documentation](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.backporter.md) - [Report an issue](https://gitlab.com/cki-project/kernel-workflow/-/issues/new?issue%5Btitle%5D=backporter%20webhook%20issue)</small> Approved-by: Olga Kornievskaia <[email protected]> Approved-by: Scott Mayhew <[email protected]> Approved-by: CKI KWF Bot <[email protected]> Merged-by: Augusto Caringi <[email protected]>
2 parents e392211 + 553755a commit 44633a5

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

fs/nfs/sysfs.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -280,9 +280,9 @@ void nfs_sysfs_link_rpc_client(struct nfs_server *server,
280280
char name[RPC_CLIENT_NAME_SIZE];
281281
int ret;
282282

283-
strcpy(name, clnt->cl_program->name);
284-
strcat(name, uniq ? uniq : "");
285-
strcat(name, "_client");
283+
strscpy(name, clnt->cl_program->name, sizeof(name));
284+
strncat(name, uniq ? uniq : "", sizeof(name) - strlen(name) - 1);
285+
strncat(name, "_client", sizeof(name) - strlen(name) - 1);
286286

287287
ret = sysfs_create_link_nowarn(&server->kobj,
288288
&clnt->cl_sysfs->kobject, name);

0 commit comments

Comments
 (0)