From bc0fec0e12f19dd424f4bf83cfca89d434184c8d Mon Sep 17 00:00:00 2001
From: Jens Axboe
Date: Tue, 15 Dec 2015 21:02:51 -0700
Subject: [PATCH 1/1] client/server: ensure we don't overrun memory for long option values

Signed-off-by: Jens Axboe
---
 client.c |  3 ++-
 server.c | 21 +++++++++++++++++----
 server.h |  3 ++-
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/client.c b/client.c
index 932c665c..637cd3fb 100644
--- a/client.c
+++ b/client.c
@@ -1003,7 +1003,8 @@ static void handle_job_opt(struct fio_client *client, struct fio_net_cmd *cmd)
 		return;
 
 	pdu->global = le16_to_cpu(pdu->global);
-	pdu->groupid = le16_to_cpu(pdu->groupid);
+	pdu->truncated = le16_to_cpu(pdu->truncated);
+	pdu->groupid = le32_to_cpu(pdu->groupid);
 
 	p = malloc(sizeof(*p));
 	p->name = strdup((char *) pdu->name);
diff --git a/server.c b/server.c
index 38a6bf85..f11e9727 100644
--- a/server.c
+++ b/server.c
@@ -1523,19 +1523,32 @@ void fio_server_send_job_options(struct flist_head *opt_list,
 	flist_for_each(entry, opt_list) {
 		struct print_option *p;
+		size_t len;
 
 		p = flist_entry(entry, struct print_option, list);
 		memset(&pdu, 0, sizeof(pdu));
+
 		if (groupid == -1U) {
 			pdu.global = __cpu_to_le16(1);
 			pdu.groupid = 0;
 		} else {
 			pdu.global = 0;
-			pdu.groupid = __cpu_to_le16(groupid);
+			pdu.groupid = cpu_to_le32(groupid);
+		}
+		len = strlen(p->name);
+		if (len >= sizeof(pdu.name)) {
+			len = sizeof(pdu.name) - 1;
+			pdu.truncated = __cpu_to_le16(1);
+		}
+		memcpy(pdu.name, p->name, len);
+		if (p->value) {
+			len = strlen(p->value);
+			if (len >= sizeof(pdu.value)) {
+				len = sizeof(pdu.value) - 1;
+				pdu.truncated = __cpu_to_le16(1);
+			}
+			memcpy(pdu.value, p->value, len);
 		}
-		memcpy(pdu.name, p->name, strlen(p->name));
-		if (p->value)
-			memcpy(pdu.value, p->value, strlen(p->value));
 		fio_net_queue_cmd(FIO_NET_CMD_JOB_OPT, &pdu, sizeof(pdu), NULL,
 					SK_F_COPY);
 	}
 }
diff --git a/server.h b/server.h
index fca9a874..dc4a4198 100644
--- a/server.h
+++ b/server.h
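Review bot: The receiving side still does `p->name = strdup((char *) pdu->name)` on a fixed-size wire buffer, trusting that the peer left a terminating NUL in the last byte; a malformed PDU carrying a full 64-byte name makes strdup read on into `value` and past the end of the PDU. The new `truncated` field does not protect against that, since it is only a hint set by a well-behaved sender. Bound the copy where the data is consumed, e.g. `p->name = strndup((char *) pdu->name, sizeof(pdu->name));`, and do the same for the value copy that presumably follows below the hunk. It would also be worth logging when `pdu->truncated` is non-zero so a silently shortened option is visible to the user; handle_job_opt continues outside this hunk.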
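Review bot: The cap-and-copy sequence is written out twice, once for `name` and once for `value`, and the invariant that keeps the copied string NUL-terminated — `len` capped at `sizeof - 1` on a buffer the preceding `memset` zeroed — is not stated anywhere. Moving the two blocks into a small static helper keeps the cap, the flag and the copy in one place, gives the invariant a comment, and lets the `size_t len` local go away; a sketch follows. The `__cpu_to_le16` and `cpu_to_le32` spellings on neighbouring lines are also worth unifying if both exist in fio's endian helpers. fio_server_send_job_options begins before this hunk.
```c
/*
 * Copy src into the zero-filled dst[cap], keeping the last byte as the
 * NUL terminator; sets *truncated when src did not fit.
 */
static void copy_opt_field(uint8_t *dst, size_t cap, const char *src,
			   uint16_t *truncated)
{
	size_t len = strlen(src);

	if (len >= cap) {
		len = cap - 1;
		*truncated = __cpu_to_le16(1);
	}
	memcpy(dst, src, len);
}

/* … unchanged: pdu zeroing and global/groupid setup … */
		copy_opt_field(pdu.name, sizeof(pdu.name), p->name, &pdu.truncated);
		if (p->value)
			copy_opt_field(pdu.value, sizeof(pdu.value), p->value,
				       &pdu.truncated);
/* … unchanged: fio_net_queue_cmd call … */
```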
@@ -184,7 +184,8 @@ struct cmd_iolog_pdu {
 
 struct cmd_job_option {
 	uint16_t global;
-	uint16_t groupid;
+	uint16_t truncated;
+	uint32_t groupid;
 	uint8_t name[64];
 	uint8_t value[128];
 };
-- 
2.25.1
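Review bot: This changes the on-wire layout of `struct cmd_job_option` — `groupid` widens to 32 bits and `truncated` is inserted ahead of it — so a client and a server built from different sides of this commit decode each other's PDUs with the `name` and `value` offsets shifted and `groupid` read from the wrong bytes. Nothing in the patch shows the server protocol version (`FIO_SERVER_VER`, if I have the name right) being bumped, so that should be confirmed in the same series. A one-line comment on the new field would also help readers of the header: `uint16_t truncated;	/* non-zero: name and/or value were cut to fit */`.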