configfs: Zero terminate data in configfs attribute writes.

Attributes in configfs are text files.  As such, most handlers expect to be
able to call functions like simple_strtoul() without checking the bounds
of the buffer.  Change the call to zero terminate the buffer before calling
the client's ->store() method.  This does reduce the attribute size from
PAGE_SIZE to PAGE_SIZE-1.

Also, change get_zeroed_page() to alloc_page(), as we are handling the
termination.

Signed-off-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
This commit is contained in:
Joel Becker 2007-01-23 17:00:45 -08:00 committed by Mark Fasheh
parent b559292e06
commit ff05d1c464

View file

@ -162,14 +162,17 @@ fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size
int error; int error;
if (!buffer->page) if (!buffer->page)
buffer->page = (char *)get_zeroed_page(GFP_KERNEL); buffer->page = (char *)__get_free_pages(GFP_KERNEL, 0);
if (!buffer->page) if (!buffer->page)
return -ENOMEM; return -ENOMEM;
if (count > PAGE_SIZE) if (count >= PAGE_SIZE)
count = PAGE_SIZE; count = PAGE_SIZE - 1;
error = copy_from_user(buffer->page,buf,count); error = copy_from_user(buffer->page,buf,count);
buffer->needs_read_fill = 1; buffer->needs_read_fill = 1;
/* if buf is assumed to contain a string, terminate it by \0,
* so e.g. sscanf() can scan the string easily */
buffer->page[count] = 0;
return error ? -EFAULT : count; return error ? -EFAULT : count;
} }