md: fix input truncation in safe_delay_store()

safe_delay_store() currently truncates the last character of input since it tells strlcpy that the buffer can only hold 'len' characters, off by one. sysfs already null terminates the buffer, so just increase the last argument to strlcpy. Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>

md: fix input truncation in safe_delay_store()
safe_delay_store() currently truncates the last character of input since it tells strlcpy that the buffer can only hold 'len' characters, off by one. sysfs already null terminates the buffer, so just increase the last argument to strlcpy. Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
97ce0a7f · Dan Williams · NeilBrown · 08ff39f1 · 97ce0a7f
Commit 97ce0a7f authored Sep 24, 2008 by Dan Williams Committed by NeilBrown Oct 16, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 5 deletions

drivers/md/md.c drivers/md/md.c +3 -5

No files found.
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -2394,12 +2394,11 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
 	int i;
 	unsigned long msec;
 	char buf[30];
-	char *e;
+
 	/* remove a period, and count digits after it */
 	if (len >= sizeof(buf))
 		return -EINVAL;
-	strlcpy(buf, cbuf, len);
-	buf[len] = 0;
+	strlcpy(buf, cbuf, sizeof(buf));
 	for (i=0; i<len; i++) {
 		if (dot) {
 			if (isdigit(buf[i])) {
@@ -2412,8 +2411,7 @@ safe_delay_store(mddev_t *mddev, const char *cbuf, size_t len)
 			buf[i] = 0;
 		}
 	}
-	msec = simple_strtoul(buf, &e, 10);
-	if (e == buf || (*e && *e != '\n'))
+	if (strict_strtoul(buf, 10, &msec) < 0)
 		return -EINVAL;
 	msec = (msec * 1000) / scale;
 	if (msec == 0)