From: Abdul Rahim <abdul.rahim@myyahoo.com>
Date: Fri, 15 Nov 2024 11:24:19 +0000 (+0530)
Subject: ceph: Use strscpy() instead of strcpy() in __get_snap_name()
X-Git-Tag: v6.13-rc1~21^2~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c152737be22b103bff5987e03136a69710c2e68f;p=thirdparty%2Fkernel%2Flinux.git

ceph: Use strscpy() instead of strcpy() in __get_snap_name()

strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors [1].

This fixes checkpatch warning:
    WARNING: Prefer strscpy over strcpy

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy

[ idryomov: formatting ]

Signed-off-by: Abdul Rahim <abdul.rahim@myyahoo.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---

diff --git a/fs/ceph/export.c b/fs/ceph/export.c
index 44451749c5446..9f236a2a25570 100644
--- a/fs/ceph/export.c
+++ b/fs/ceph/export.c
@@ -452,7 +452,13 @@ static int __get_snap_name(struct dentry *parent, char *name,
 		goto out;
 	if (ceph_snap(inode) == CEPH_SNAPDIR) {
 		if (ceph_snap(dir) == CEPH_NOSNAP) {
-			strcpy(name, fsc->mount_options->snapdir_name);
+			/*
+			 * .get_name() from struct export_operations
+			 * assumes that its 'name' parameter is pointing
+			 * to a NAME_MAX+1 sized buffer
+			 */
+			strscpy(name, fsc->mount_options->snapdir_name,
+				NAME_MAX + 1);
 			err = 0;
 		}
 		goto out;