gfs2: Switch from strlcpy to strscpy

commit 204c0300c4e99707e9fb6e57840aa1127060e63f upstream.

Switch from strlcpy to strscpy and make sure that @count is the size of
the smaller of the source and destination buffers.  This prevents
reading beyond the end of the source buffer when the source string isn't
null terminated.

Found by a modified version of syzkaller.

Suggested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index 55daf740ab8d4c4debe859cd054eee5aba10131e..af04060f3ab5d01a4c2830e2d64fcf8f75ca95e5 100644 (file)
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -390,8 +390,10 @@ static int init_names(struct gfs2_sbd *sdp, int silent)
        if (!table[0])
                table = sdp->sd_vfs->s_id;
 
-       strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
-       strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
+       BUILD_BUG_ON(GFS2_LOCKNAME_LEN > GFS2_FSNAME_LEN);
+
+       strscpy(sdp->sd_proto_name, proto, GFS2_LOCKNAME_LEN);
+       strscpy(sdp->sd_table_name, table, GFS2_LOCKNAME_LEN);
 
        table = sdp->sd_table_name;
        while ((table = strchr(table, '/')))