[sheepdog] [PATCH v2 5/7] collie: add new commands to manipulate multi-disks

MORITA Kazutaka morita.kazutaka at lab.ntt.co.jp
Wed Apr 3 04:45:09 CEST 2013

At Wed, 03 Apr 2013 10:34:20 +0800,
Liu Yuan wrote:
> On 04/03/2013 10:22 AM, MORITA Kazutaka wrote:
> > Should be strlen(disks) + 1 to include the terminating '\0' character.
> Practically we don't need this '\0' because sd_disk.path is zeroed.

But sheep allocates only hdr->data_length bytes to req->data.  It
means that there is no assurance that req->data in sheep is
NULL-terminated if we don't set strlen(disks) + 1 to data_length.
Sheep calls strtok against the buffer in do_plug_unplug() so this
looks dangerous to me.



More information about the sheepdog mailing list