ceph: Use strscpy() instead of strcpy() in __get_snap_name()

strcpy() performs no bounds checking on the destination buffer. This could result in linear overflows beyond the end of the buffer, leading to all kinds of misbehaviors [1]. This fixes checkpatch warning: WARNING: Prefer strscpy over strcpy [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strcpy [ idryomov: formatting ] Signed-off-by: Abdul Rahim <abdul.rahim@myyahoo.com> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2025-01-16 02:14:58 +00:00 · 2024-11-15 16:54:19 +05:30 · 2024-11-15 16:54:19 +05:30 · c152737be2
commit c152737be2
parent e50f960bea
1 changed files with 7 additions and 1 deletions
--- a/fs/ceph/export.c
+++ b/fs/ceph/export.c
@ -452,7 +452,13 @@ static int __get_snap_name(struct dentry *parent, char *name,
 		goto out;
 	if (ceph_snap(inode) == CEPH_SNAPDIR) {
 		if (ceph_snap(dir) == CEPH_NOSNAP) {
-			strcpy(name, fsc->mount_options->snapdir_name);
+			/*
+			 * .get_name() from struct export_operations
+			 * assumes that its 'name' parameter is pointing
+			 * to a NAME_MAX+1 sized buffer
+			 */
+			strscpy(name, fsc->mount_options->snapdir_name,
+				NAME_MAX + 1);
 			err = 0;
 		}
 		goto out;