[PATCH] gfs2: fix overread in the strlcpy of init_names

From: Dongliang Mu
Date: Tue Jun 28 2022 - 02:00:44 EST

Next message: HORIGUCHI NAOYA(堀口　直也): "Re: [PATCH v2 7/9] mm, hwpoison: make __page_handle_poison returns int"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] PK: runtime: Redefine pm_runtime_release_supplier()"
Next in thread: Andreas Gruenbacher: "Re: [PATCH] gfs2: fix overread in the strlcpy of init_names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dongliang Mu <mudongliangabcd@xxxxxxxxx>

In init_names, strlcpy will overread the src string as the src string is
less than GFS2_FSNAME_LEN(256).

Fix this by modifying strlcpy back to snprintf, reverting
the commit 00377d8e3842.

Fixes: 00377d8e3842 ("[GFS2] Prefer strlcpy() over snprintf()")
Reported-by: syzkaller <syzkaller@xxxxxxxxxxxxxxxx>
Signed-off-by: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
---
fs/gfs2/ops_fstype.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index c9b423c874a3..ee29b50d39b9 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -383,8 +383,8 @@ static int init_names(struct gfs2_sbd *sdp, int silent)
if (!table[0])
table = sdp->sd_vfs->s_id;

- strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
- strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
+ snprintf(sdp->sd_proto_name, GFS2_FSNAME_LEN, "%s", proto);
+ snprintf(sdp->sd_table_name, GFS2_FSNAME_LEN, "%s", table);

table = sdp->sd_table_name;
while ((table = strchr(table, '/')))
--
2.35.1

Next message: HORIGUCHI NAOYA(堀口　直也): "Re: [PATCH v2 7/9] mm, hwpoison: make __page_handle_poison returns int"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] PK: runtime: Redefine pm_runtime_release_supplier()"
Next in thread: Andreas Gruenbacher: "Re: [PATCH] gfs2: fix overread in the strlcpy of init_names"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]