Orangefs: Extra sanity insurance on buffer before using string functions on it.

Signed-off-by: Mike Marshall <hubcap@omnibond.com>

diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c
index 12ea8730aa5d9ab942f168f6b94a3df677eb4582..35418d0b77bfc1378a5dd3f6efe3bc57f1a3d961 100644 (file)
--- a/fs/orangefs/devorangefs-req.c
+++ b/fs/orangefs/devorangefs-req.c
@@ -678,6 +678,19 @@ static long dispatch_ioctl_command(unsigned int command, unsigned long arg)
                ret = copy_from_user(&client_debug_array_string,
                                     (void __user *)arg,
                                     ORANGEFS_MAX_DEBUG_STRING_LEN);
+               /*
+                * The real client-core makes an effort to ensure
+                * that actual strings that aren't too long to fit in
+                * this buffer is what we get here. We're going to use
+                * string functions on the stuff we got, so we'll make
+                * this extra effort to try and keep from
+                * flowing out of this buffer when we use the string
+                * functions, even if somehow the stuff we end up
+                * with here is garbage.
+                */
+               client_debug_array_string[ORANGEFS_MAX_DEBUG_STRING_LEN - 1] =
+                       '\0';
+               
                if (ret != 0) {
                        pr_info("%s: CLIENT_STRING: copy_from_user failed\n",
                                __func__);