libnfs

nfsv3 create file tries creating files with junk characters

Open amulyan13 opened this issue 1 year ago • 1 comments

I am using the nfs_creat() function to create a file in the NFS share, but this call tries creating a file with junk filename characters rather than the requested one. Ex: I try creating a file called amnfile, it creates a file with name 'amnfile�{��\024\177'.

RCA: This is due to incorrect copying of the file name string using memcpy.

```c
static void nfs3_initial_open_cb(int err, struct nfs_context *nfs, void *ret_data, void *private_data)
{
        struct open_cb_data *cb_data = private_data;
        char *ptr;

        if (err == -EEXIST && (cb_data->flags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)) {
                cb_data->cb(-EEXIST, nfs,
                            nfs_get_error(nfs), cb_data->private_data);
                free_open_cb_data(cb_data);
                return;
        }
        if (err == -NFS3ERR_NOENT && (cb_data->flags & O_CREAT)) {
                ptr = strrchr(cb_data->path, '/');
                if (ptr) {
                        *ptr++ = 0;
                } else {
                        /*
                         * We have a simple path to a top level name and no
                         * leading slashes. Make room for an extra character so
                         * we can create a path that is '\0' and then followed
                         * by the object we wish to create.
                         */
                        ptr = malloc(strlen(cb_data->path) + 1); /* << */
                        if (ptr == NULL) {
                                cb_data->cb(-ENOMEM, nfs,
                                            nfs_get_error(nfs),
                                            cb_data->private_data);
                                free_open_cb_data(cb_data);
                                return;
                        }
                        ptr[0] = 0;
                        memcpy(&ptr[1], cb_data->path, strlen(cb_data->path));
                        free(cb_data->path);
                        cb_data->path = ptr; /* << Now this is not null terminated, so it will result in junk char */
                }
```

amulyan13, Mar 11 '24 11:03
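The allocation pattern from the report next to a terminated variant, as an added example (not libnfs code, and not necessarily the fix that was committed). The function names `split_reported`, `split_terminated` and `name_is_terminated` are hypothetical, and `"amnfile"` is the sample name from the report; the check uses a bounded `memchr` so that it never reads past the allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern from the report: len+1 bytes hold the leading '\0' plus the
 * name, so no terminator for the name fits inside the allocation. */
static char *split_reported(const char *path, size_t *alloc)
{
    size_t len = strlen(path);
    char *ptr = malloc(len + 1);
    if (ptr == NULL)
        return NULL;
    *alloc = len + 1;
    ptr[0] = 0;
    memcpy(&ptr[1], path, len);
    return ptr;
}

/* Terminated variant (hypothetical): len+2 bytes, and the copy includes
 * the source string's own '\0'. */
static char *split_terminated(const char *path, size_t *alloc)
{
    size_t len = strlen(path);
    char *ptr = malloc(len + 2);
    if (ptr == NULL)
        return NULL;
    *alloc = len + 2;
    ptr[0] = 0;
    memcpy(&ptr[1], path, len + 1);
    return ptr;
}

/* Bounded check: is there a '\0' after ptr[0], inside the allocation? */
static int name_is_terminated(const char *buf, size_t alloc)
{
    return alloc > 1 && memchr(buf + 1, '\0', alloc - 1) != NULL;
}

int main(void)
{
    size_t na = 0, nb = 0;
    char *a = split_reported("amnfile", &na);
    char *b = split_terminated("amnfile", &nb);
    if (a == NULL || b == NULL) { free(a); free(b); return 1; }
    printf("reported:   terminated=%d\n", name_is_terminated(a, na));
    printf("terminated: terminated=%d name=\"%s\"\n", name_is_terminated(b, nb), b + 1);
    free(a);
    free(b);
    return 0;
}
```

Any later `strlen()` or XDR string encode on `&ptr[1]` from the first form runs into adjacent heap bytes, which is where the trailing junk in the created file name comes from.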

Good spotting. I have checked in a fix for this in master. Please confirm it fixes the issue.

sahlberg, Mar 12 '24 01:03

Tested this fix, this resolved the issue. Thanks.

amulyan13, Mar 27 '24 03:03