NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
authorChuck Lever <chuck.lever@oracle.com>
Thu, 17 Oct 2024 15:03:56 +0000 (11:03 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 5 Dec 2024 09:59:36 +0000 (10:59 +0100)
[ Upstream commit f64ea4af43161bb86ffc77e6aeb5bcf5c3229df0 ]

Its only current caller already length-checks the string, but let's
be safe.

Fixes: 0964a3d3f1aa ("[PATCH] knfsd: nfsd4 reboot dirname fix")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/nfsd/nfs4recover.c

index 5188f9f70c78c9c5e5037709452c98fedee5fbe4..e986e9e0c93f7d57190afeeef9340e44bd1a58b9 100644 (file)
@@ -596,7 +596,8 @@ nfs4_reset_recoverydir(char *recdir)
                return status;
        status = -ENOTDIR;
        if (d_is_dir(path.dentry)) {
-               strcpy(user_recovery_dirname, recdir);
+               strscpy(user_recovery_dirname, recdir,
+                       sizeof(user_recovery_dirname));
                status = 0;
        }
        path_put(&path);
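Review bot: The return value of `strscpy()` is discarded in the `d_is_dir()` branch, so a `recdir` longer than `user_recovery_dirname` would be silently truncated while the function still sets `status = 0`. The stored name would then differ from the path that was just resolved and checked with `d_is_dir()`, so whatever later reads `user_recovery_dirname` would presumably use a path that was never validated. The commit message says the only current caller already length-checks the string, so this is defensive, but failing closed is cheap: `if (strscpy(user_recovery_dirname, recdir, sizeof(user_recovery_dirname)) < 0) status = -ENAMETOOLONG; else status = 0;`. The body of nfs4_reset_recoverydir() starts and ends outside this hunk, so the lookup and the final return are not visible here.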