diff options
author | Joel Becker <joel.becker@oracle.com> | 2007-01-23 17:00:45 -0800 |
---|---|---|
committer | Mark Fasheh <mark.fasheh@oracle.com> | 2007-02-07 12:17:08 -0800 |
commit | ff05d1c4643dd4260eb699396043d7e8009c0de4 (patch) | |
tree | fe3c601c3c8a2498c434a2d2c08e0192b4233299 /fs/configfs | |
parent | b559292e066f6d570cd5aa5dbd41de61dd04bdce (diff) | |
download | lwn-ff05d1c4643dd4260eb699396043d7e8009c0de4.tar.gz lwn-ff05d1c4643dd4260eb699396043d7e8009c0de4.zip |
configfs: Zero terminate data in configfs attribute writes.
Attributes in configfs are text files. As such, most handlers expect to be
able to call functions like simple_strtoul() without checking the bounds
of the buffer. Change the call to zero terminate the buffer before calling
the client's ->store() method. This does reduce the attribute size from
PAGE_SIZE to PAGE_SIZE-1.
Also, change get_zeroed_page() to alloc_page(), as we are handling the
termination.
Signed-off-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Diffstat (limited to 'fs/configfs')
-rw-r--r-- | fs/configfs/file.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/fs/configfs/file.c b/fs/configfs/file.c index 2a7cb086e80c..d98be5e01328 100644 --- a/fs/configfs/file.c +++ b/fs/configfs/file.c @@ -162,14 +162,17 @@ fill_write_buffer(struct configfs_buffer * buffer, const char __user * buf, size int error; if (!buffer->page) - buffer->page = (char *)get_zeroed_page(GFP_KERNEL); + buffer->page = (char *)__get_free_pages(GFP_KERNEL, 0); if (!buffer->page) return -ENOMEM; - if (count > PAGE_SIZE) - count = PAGE_SIZE; + if (count >= PAGE_SIZE) + count = PAGE_SIZE - 1; error = copy_from_user(buffer->page,buf,count); buffer->needs_read_fill = 1; + /* if buf is assumed to contain a string, terminate it by \0, + * so e.g. sscanf() can scan the string easily */ + buffer->page[count] = 0; return error ? -EFAULT : count; } |