From 6a039e5063fc96cc72a0a0b2bdc97403fb080de1 Mon Sep 17 00:00:00 2001 From: David Sterba Date: Fri, 12 Jun 2015 14:36:51 +0200 Subject: [PATCH] btrfs-progs: properly set up ioctl arguments At some places we do not clear the whole ioctl structure and could pass garbage to kernel. Zero the ioctl vol_args and use a helper for copying the path. Signed-off-by: David Sterba --- cmds-device.c | 5 ++++- cmds-filesystem.c | 1 + cmds-subvolume.c | 1 + utils.c | 4 ++-- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/cmds-device.c b/cmds-device.c index 3a10438b..c588a6e0 100644 --- a/cmds-device.c +++ b/cmds-device.c @@ -126,6 +126,7 @@ static int cmd_add_dev(int argc, char **argv) goto error_out; } + memset(&ioctl_args, 0, sizeof(ioctl_args)); strncpy_null(ioctl_args.name, path); res = ioctl(fdmnt, BTRFS_IOC_ADD_DEV, &ioctl_args); e = errno; @@ -175,6 +176,7 @@ static int cmd_rm_dev(int argc, char **argv) ret++; continue; } + memset(&arg, 0, sizeof(arg)); strncpy_null(arg.name, argv[i]); res = ioctl(fdmnt, BTRFS_IOC_RM_DEV, &arg); e = errno; @@ -312,7 +314,8 @@ static int cmd_ready_dev(int argc, char **argv) goto out; } - strncpy(args.name, path, BTRFS_PATH_NAME_MAX); + memset(&args, 0, sizeof(args)); + strncpy_null(args.name, path); ret = ioctl(fd, BTRFS_IOC_DEVICES_READY, &args); if (ret < 0) { fprintf(stderr, "ERROR: unable to determine if the device '%s'" diff --git a/cmds-filesystem.c b/cmds-filesystem.c index ccf89c66..dcd3f479 100644 --- a/cmds-filesystem.c +++ b/cmds-filesystem.c @@ -1270,6 +1270,7 @@ static int cmd_resize(int argc, char **argv) } printf("Resize '%s' of '%s'\n", path, amount); + memset(&args, 0, sizeof(args)); strncpy_null(args.name, amount); res = ioctl(fd, BTRFS_IOC_RESIZE, &args); e = errno; diff --git a/cmds-subvolume.c b/cmds-subvolume.c index dfc3f1f3..e88a6e6e 100644 --- a/cmds-subvolume.c +++ b/cmds-subvolume.c @@ -357,6 +357,7 @@ again: printf("Delete subvolume (%s): '%s/%s'\n", commit_mode == 2 || (commit_mode == 1 && cnt + 1 == argc) ? "commit" : "no-commit", dname, vname); + memset(&args, 0, sizeof(args)); strncpy_null(args.name, vname); res = ioctl(fd, BTRFS_IOC_SNAP_DESTROY, &args); e = errno; diff --git a/utils.c b/utils.c index 087f3715..591b2a1d 100644 --- a/utils.c +++ b/utils.c @@ -1409,8 +1409,8 @@ int btrfs_register_one_device(const char *fname) strerror(errno)); return -errno; } - strncpy(args.name, fname, BTRFS_PATH_NAME_MAX); - args.name[BTRFS_PATH_NAME_MAX-1] = 0; + memset(&args, 0, sizeof(args)); + strncpy_null(args.name, fname); ret = ioctl(fd, BTRFS_IOC_SCAN_DEV, &args); e = errno; if (ret < 0) {