gfs2: Switch from strlcpy to strscpy

commit 204c0300c4e99707e9fb6e57840aa1127060e63f upstream. Switch from strlcpy to strscpy and make sure that @count is the size of the smaller of the source and destination buffers. This prevents reading beyond the end of the source buffer when the source string isn't null terminated. Found by a modified version of syzkaller. Suggested-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Andreas Gruenbacher <agruenba@redhat.com> 2022-08-26 15:12:17 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-11-25 17:35:43 +0100
commit: ac67a980c242291c331e5cacdd898d4e5748ac96 (patch)
tree: 01cf7283b1136d1a8acb6789c074cfcb615afa2e
parent: d6b1e8ea6f3418c3b461ad5a35cdc93c996b2c87 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index 55daf740ab8d..af04060f3ab5 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -390,8 +390,10 @@ static int init_names(struct gfs2_sbd *sdp, int silent)
 	if (!table[0])
 		table = sdp->sd_vfs->s_id;
 
-	strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
-	strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
+	BUILD_BUG_ON(GFS2_LOCKNAME_LEN > GFS2_FSNAME_LEN);
+
+	strscpy(sdp->sd_proto_name, proto, GFS2_LOCKNAME_LEN);
+	strscpy(sdp->sd_table_name, table, GFS2_LOCKNAME_LEN);
 
 	table = sdp->sd_table_name;
 	while ((table = strchr(table, '/')))
author	Andreas Gruenbacher <agruenba@redhat.com>	2022-08-26 15:12:17 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-11-25 17:35:43 +0100
commit	ac67a980c242291c331e5cacdd898d4e5748ac96 (patch)
tree	01cf7283b1136d1a8acb6789c074cfcb615afa2e
parent	d6b1e8ea6f3418c3b461ad5a35cdc93c996b2c87 (diff)