]> pilppa.com Git - linux-2.6-omap-h63xx.git/commitdiff
md: fix input truncation in safe_delay_store()
authorDan Williams <dan.j.williams@gmail.com>
Thu, 25 Sep 2008 05:48:19 +0000 (22:48 -0700)
committerNeilBrown <neilb@suse.de>
Thu, 16 Oct 2008 06:03:08 +0000 (17:03 +1100)
safe_delay_store() currently truncates the last character of input since
it tells strlcpy that the buffer can only hold 'len' characters, off by
one.  sysfs already null terminates the buffer, so just increase the
last argument to strlcpy.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: NeilBrown <neilb@suse.de>
drivers/md/md.c

index 39c9c87a13425abfbedf9b52934d88f5f36facd6..aaa3d465de4ece202bd3a18c1c605248ebd40ad7 100644 (file)
@@ -2394,12 +2394,11 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
        int i;
        unsigned long msec;
        char buf[30];
-       char *e;
+
        /* remove a period, and count digits after it */
        if (len >= sizeof(buf))
                return -EINVAL;
-       strlcpy(buf, cbuf, len);
-       buf[len] = 0;
+       strlcpy(buf, cbuf, sizeof(buf));
        for (i=0; i<len; i++) {
                if (dot) {
                        if (isdigit(buf[i])) {
@@ -2412,8 +2411,7 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
                        buf[i] = 0;
                }
        }
-       msec = simple_strtoul(buf, &e, 10);
-       if (e == buf || (*e && *e != '\n'))
+       if (strict_strtoul(buf, 10, &msec) < 0)
                return -EINVAL;
        msec = (msec * 1000) / scale;
        if (msec == 0)