exportfs: don't assume that ->iterate() won't feed us too long entries
authorAl Viro <viro@zeniv.linux.org.uk>
Fri, 6 Sep 2013 20:55:36 +0000 (16:55 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Sat, 7 Sep 2013 23:54:55 +0000 (19:54 -0400)
On some filesystems it's impossible even with fs corruption, but we'd
better not rely on that, what with memcpy() into on-stack array we
are doing there.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/exportfs/expfs.c

index 293bc2e..a235f00 100644 (file)
@@ -231,7 +231,7 @@ static int filldir_one(void * __buf, const char * name, int len,
        int result = 0;
 
        buf->sequence++;
-       if (buf->ino == ino) {
+       if (buf->ino == ino && len <= NAME_MAX) {
                memcpy(buf->name, name, len);
                buf->name[len] = '\0';
                buf->found = 1;