From: NeilBrown Problem identified by Jan Kasprzak. Limit on domainname_max (currently 50) is too small. Just use the beginning of input buffer as scratch space for it, and save a little stack space while we're at it. Signed-off-by: J. Bruce Fields Signed-off-by: Neil Brown Signed-off-by: Andrew Morton --- 25-akpm/net/sunrpc/svcauth_unix.c | 14 +++++++------- 1 files changed, 7 insertions(+), 7 deletions(-) diff -puN net/sunrpc/svcauth_unix.c~knfsd-svcrpc-fqdn-length-fix net/sunrpc/svcauth_unix.c --- 25/net/sunrpc/svcauth_unix.c~knfsd-svcrpc-fqdn-length-fix 2004-11-15 22:06:47.236529344 -0800 +++ 25-akpm/net/sunrpc/svcauth_unix.c 2004-11-15 22:06:47.240528736 -0800 @@ -150,11 +150,14 @@ static void ip_map_request(struct cache_ } static struct ip_map *ip_map_lookup(struct ip_map *, int); + static int ip_map_parse(struct cache_detail *cd, char *mesg, int mlen) { /* class ipaddress [domainname] */ - char class[50], buf[50]; + /* should be safe just to use the start of the input buffer + * for scratch: */ + char *buf = mesg; int len; int b1,b2,b3,b4; char c; @@ -167,13 +170,11 @@ static int ip_map_parse(struct cache_det mesg[mlen-1] = 0; /* class */ - len = qword_get(&mesg, class, 50); + len = qword_get(&mesg, ipm.m_class, sizeof(ipm.m_class)); if (len <= 0) return -EINVAL; - if (len >= sizeof(ipm.m_class)) - return -EINVAL; /* ip address */ - len = qword_get(&mesg, buf, 50); + len = qword_get(&mesg, buf, mlen); if (len <= 0) return -EINVAL; if (sscanf(buf, "%u.%u.%u.%u%c", &b1, &b2, &b3, &b4, &c) != 4) @@ -184,7 +185,7 @@ static int ip_map_parse(struct cache_det return -EINVAL; /* domainname, or empty for NEGATIVE */ - len = qword_get(&mesg, buf, 50); + len = qword_get(&mesg, buf, mlen); if (len < 0) return -EINVAL; if (len) { @@ -194,7 +195,6 @@ static int ip_map_parse(struct cache_det } else dom = NULL; - strcpy(ipm.m_class, class); ipm.m_addr.s_addr = htonl((((((b1<<8)|b2)<<8)|b3)<<8)|b4); ipm.h.flags = 0; _
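Review bot: The new comment above `char *buf = mesg;` says the aliasing "should be safe" but does not state the invariant that makes it so. It holds only if the class token is consumed into `ipm.m_class` before the first write through `buf` (as the -167 hunk does) and if qword_get never emits more bytes than it has read. The second condition is not visible on this page and should be confirmed. I would reword the comment along the lines of `/* buf aliases mesg: class is parsed first and a decoded token is never longer than its encoded form, so writes stay behind the read cursor */`. The body of ip_map_parse continues outside this hunk.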
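Review bot: Dropping `if (len >= sizeof(ipm.m_class)) return -EINVAL;` in the -167 hunk makes rejection of an over-long class depend entirely on qword_get returning a value <= 0 when the token does not fit. That behaviour is not shown here; if qword_get can truncate silently, a long class string would be accepted under a shortened name. A comment after the call such as `/* qword_get fails if the token does not fit in m_class */` would record the assumption. Separately, the context line `sscanf(buf, "%u.%u.%u.%u%c", ...)` stores `%u` conversions into `int` variables, and no range check on the octets is visible before they are shifted together in the -194 hunk.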
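Review bot: With the bound raised from 50 to `mlen` in the -184 hunk, the domain name handed on inside `if (len) {` can now be nearly as long as the whole message. Every consumer of `buf` past this point must therefore size its storage from the string rather than assume the old 50-byte limit. That consumer lies outside the hunk, so it cannot be checked from here. This call also overwrites the address text still held in `buf`, which is fine only because the octets were already parsed; a comment such as `/* reuses buf; the address was already converted by sscanf above */` would make that explicit.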