From 53f57fef43f5b9586c7a78acdeae27e206eae48b Mon Sep 17 00:00:00 2001
From: Mike Marshall <hubcap@omnibond.com>
Date: Mon, 14 Mar 2016 15:28:34 -0400
Subject: Orangefs: Extra sanity insurance on buffer before using string
 functions on it.

Signed-off-by: Mike Marshall <hubcap@omnibond.com>
---
 fs/orangefs/devorangefs-req.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c
index 12ea8730aa5d..35418d0b77bf 100644
--- a/fs/orangefs/devorangefs-req.c
+++ b/fs/orangefs/devorangefs-req.c
@@ -678,6 +678,19 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg)
 		ret = copy_from_user(&client_debug_array_string,
 				     (void __user *)arg,
 				     ORANGEFS_MAX_DEBUG_STRING_LEN);
+		/*
+		 * The real client-core makes an effort to ensure
+		 * that actual strings that aren't too long to fit in
+		 * this buffer is what we get here. We're going to use
+		 * string functions on the stuff we got, so we'll make
+		 * this extra effort to try and keep from
+		 * flowing out of this buffer when we use the string
+		 * functions, even if somehow the stuff we end up
+		 * with here is garbage.
+		 */
+		client_debug_array_string[ORANGEFS_MAX_DEBUG_STRING_LEN - 1] =
+			'\0';
+		
 		if (ret != 0) {
 			pr_info("%s: CLIENT_STRING: copy_from_user failed\n",
 				__func__);
-- 
cgit v1.2.3