configfs: Zero terminate data in configfs attribute writes.
Attributes in configfs are text files. As such, most handlers expect to be able to call functions like simple_strtoul() without checking the bounds of the buffer. Change the call to zero terminate the buffer before calling the client's ->store() method. This does reduce the attribute size from PAGE_SIZE to PAGE_SIZE-1. Also, change get_zeroed_page() to alloc_page(), as we are handling the termination. Signed-off-by: Joel Becker <joel.becker@oracle.com> Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
This commit is contained in:
parent
b559292e06
commit
ff05d1c464
1 changed files with 6 additions and 3 deletions
|
@ -162,14 +162,17 @@ fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
if (!buffer->page)
|
if (!buffer->page)
|
||||||
buffer->page = (char *)get_zeroed_page(GFP_KERNEL);
|
buffer->page = (char *)__get_free_pages(GFP_KERNEL, 0);
|
||||||
if (!buffer->page)
|
if (!buffer->page)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
if (count > PAGE_SIZE)
|
if (count >= PAGE_SIZE)
|
||||||
count = PAGE_SIZE;
|
count = PAGE_SIZE - 1;
|
||||||
error = copy_from_user(buffer->page,buf,count);
|
error = copy_from_user(buffer->page,buf,count);
|
||||||
buffer->needs_read_fill = 1;
|
buffer->needs_read_fill = 1;
|
||||||
|
/* if buf is assumed to contain a string, terminate it by \0,
|
||||||
|
* so e.g. sscanf() can scan the string easily */
|
||||||
|
buffer->page[count] = 0;
|
||||||
return error ? -EFAULT : count;
|
return error ? -EFAULT : count;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue