cgroups: save space for the terminator

The original code didn't leave enough space for a NULL terminator.  These
strings are copied with strcpy() into fixed length buffers in
cgroup_root_from_opts().

Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Serge E. Hallyn <[email protected]>
Reviewd-by: KAMEZAWA Hiroyuki <[email protected]>
Cc: Paul Menage <[email protected]>
Cc: Li Zefan <[email protected]>
Cc: Ben Blum <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index d83cab06da8722f7d91fad428a74799645964676..192f88c5b0f9df29b80d51d4c5ceba5388d099eb 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1102,7 +1102,7 @@ static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
                        if (opts->release_agent)
                                return -EINVAL;
                        opts->release_agent =
-                               kstrndup(token + 14, PATH_MAX, GFP_KERNEL);
+                               kstrndup(token + 14, PATH_MAX - 1, GFP_KERNEL);
                        if (!opts->release_agent)
                                return -ENOMEM;
                } else if (!strncmp(token, "name=", 5)) {
@@ -1123,7 +1123,7 @@ static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
                        if (opts->name)
                                return -EINVAL;
                        opts->name = kstrndup(name,
-                                             MAX_CGROUP_ROOT_NAMELEN,
+                                             MAX_CGROUP_ROOT_NAMELEN - 1,
                                              GFP_KERNEL);
                        if (!opts->name)
                                return -ENOMEM;