ceph: Use strscpy() instead of strcpy() in __get_snap_name()

strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors [1]. This fixes checkpatch warning: WARNING: Prefer strscpy over strcpy [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [ idryomov: formatting ] Signed-off-by: Abdul Rahim <abdul.rahim@myyahoo.com> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
author: Abdul Rahim <abdul.rahim@myyahoo.com> 2024-11-15 16:54:19 +0530
committer: Ilya Dryomov <idryomov@gmail.com> 2024-11-18 17:34:36 +0100
commit: c152737be22b103bff5987e03136a69710c2e68f (patch)
tree: 04a308230bcdbacc9ebdfb88d38f4c57b562c1c5
parent: e50f960bea7a25da0848fa8e1eec715670c4be70 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/fs/ceph/export.c b/fs/ceph/export.c
index 44451749c544..9f236a2a2557 100644
--- a/fs/ceph/export.c
+++ b/fs/ceph/export.c
@@ -452,7 +452,13 @@ static int __get_snap_name(struct dentry *parent, char *name,
 		goto out;
 	if (ceph_snap(inode) == CEPH_SNAPDIR) {
 		if (ceph_snap(dir) == CEPH_NOSNAP) {
-			strcpy(name, fsc->mount_options->snapdir_name);
+			/*
+			 * .get_name() from struct export_operations
+			 * assumes that its 'name' parameter is pointing
+			 * to a NAME_MAX+1 sized buffer
+			 */
+			strscpy(name, fsc->mount_options->snapdir_name,
+				NAME_MAX + 1);
 			err = 0;
 		}
 		goto out;
author	Abdul Rahim <abdul.rahim@myyahoo.com>	2024-11-15 16:54:19 +0530
committer	Ilya Dryomov <idryomov@gmail.com>	2024-11-18 17:34:36 +0100
commit	c152737be22b103bff5987e03136a69710c2e68f (patch)
tree	04a308230bcdbacc9ebdfb88d38f4c57b562c1c5
parent	e50f960bea7a25da0848fa8e1eec715670c4be70 (diff)