apparmor: Replace deprecated strcpy with memcpy in gen_symlink_name

strcpy() is deprecated; use memcpy() instead. Unlike strcpy(), memcpy()
does not copy the NUL terminator from the source string, which would be
overwritten anyway on every iteration when using strcpy(). snprintf()
then ensures that 'char *s' is NUL-terminated.

Replace the hard-coded path length to remove the magic number 6, and add
a comment explaining the extra 11 bytes.

Closes: https://github.com/KSPP/linux/issues/88
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 907bd2667e28c7f0b01055159a7bde003ee0d457..91c1fcb78ac881403a7443f2ebfa98e0de3d70aa 100644 (file)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1607,16 +1607,20 @@ static char *gen_symlink_name(int depth, const char *dirname, const char *fname)
 {
        char *buffer, *s;
        int error;
-       int size = depth * 6 + strlen(dirname) + strlen(fname) + 11;
+       const char *path = "../../";
+       size_t path_len = strlen(path);
+       int size;
 
+       /* Extra 11 bytes: "raw_data" (9) + two slashes "//" (2) */
+       size = depth * path_len + strlen(dirname) + strlen(fname) + 11;
        s = buffer = kmalloc(size, GFP_KERNEL);
        if (!buffer)
                return ERR_PTR(-ENOMEM);
 
        for (; depth > 0; depth--) {
-               strcpy(s, "../../");
-               s += 6;
-               size -= 6;
+               memcpy(s, path, path_len);
+               s += path_len;
+               size -= path_len;
        }
 
        error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);