vport: Better handle too-long network device names in vport_del().
authorBen Pfaff <blp@nicira.com>
Tue, 27 Apr 2010 19:41:11 +0000 (12:41 -0700)
committerBen Pfaff <blp@nicira.com>
Tue, 27 Apr 2010 19:41:11 +0000 (12:41 -0700)
The 'count' argument to strncpy_from_user() is supposed to include space
for the null terminator, so add it in.  Also, refuse names that have more
than IFNAMSIZ-1 characters outright, instead of truncating them.

datapath/vport.c

index ef4d7db206f3b7380e2d772481e64b42783b8259..9ed7cd167aa05ec6fd2389dac881e2c66c9dd9fb 100644 (file)
@@ -277,10 +277,13 @@ vport_del(const char __user *udevname)
        struct vport *vport;
        struct dp_port *dp_port;
        int err = 0;
+       int retval;
 
-       if (strncpy_from_user(devname, udevname, IFNAMSIZ - 1) < 0)
+       retval = strncpy_from_user(devname, udevname, IFNAMSIZ);
+       if (retval < 0)
                return -EFAULT;
-       devname[IFNAMSIZ - 1] = '\0';
+       else if (retval >= IFNAMSIZ)
+               return -ENAMETOOLONG;
 
        rtnl_lock();