search

sahlberg / libnfs

NFS client library
Other
510 stars 200 forks source link

nfsv3 create file tries creating files with junk characters #443

Closed amulyan13 closed 5 months ago

amulyan13 commented 6 months ago

I am using the nfs_creat() function to create a file in the nfs share but this call tries creating file with junk filname characters than the requested one. Ex: I try creating a file called amnfile, it creates a file with name 'amnfile�{��\024\177'.

RCA: This is due to incorrect copying of the file name string using memcpy.

static void nfs3_initial_open_cb(int err, struct nfs_context nfs, void ret_data, void private_data) { struct open_cb_data cb_data = private_data; char *ptr;

    if (err == -EEXIST && (cb_data->flags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)) {
    cb_data->cb(-EEXIST, nfs,
                     nfs_get_error(nfs), cb_data->private_data);
            free_open_cb_data(cb_data);
            return;
    }
    if (err == -NFS3ERR_NOENT && (cb_data->flags & O_CREAT)) {
            ptr = strrchr(cb_data->path, '/');
            if (ptr) {
                    *ptr++ = 0;
            } else {
                    /*
                     * We have a simple path to a top level name and no
                     * leading slashes. Make room for an extra character so
                     * we can create a path that is '\0' and then followed
                     * by the object we wish to create.
                     */
                    **ptr = malloc(strlen(cb_data->path) + 1); <<** 
                    if (ptr == NULL) {
                            cb_data->cb(-ENOMEM, nfs,
                                        nfs_get_error(nfs),
                                        cb_data->private_data);
                            free_open_cb_data(cb_data);
                            return;
                    }
                    ptr[0] = 0;
                    **memcpy(&ptr[1], cb_data->path, strlen(cb_data->path));**
                    free(cb_data->path);
                    cb_data->path = ptr; << **Now this is not null terminated, so it will result in junk char**
            }
sahlberg commented 6 months ago

Good spotting. I have checked in a fix for this in master. Please confirm it fixes the issue.

amulyan13 commented 5 months ago

Tested this fix, this resolved the issue. Thanks.