gfs2: Switch from strlcpy to strscpy

Switch from strlcpy to strscpy and make sure that @count is the size of
the smaller of the source and destination buffers.  This prevents
reading beyond the end of the source buffer when the source string isn't
null terminated.

Found by a modified version of syzkaller.

Suggested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>

diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index 549879929c847c143905d03bfac6bbc1b9564f4b..236b59ef93b6872d73a6fce453ee0fc51572923f 100644 (file)
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -381,8 +381,10 @@ static int init_names(struct gfs2_sbd *sdp, int silent)
        if (!table[0])
                table = sdp->sd_vfs->s_id;
 
-       strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
-       strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
+       BUILD_BUG_ON(GFS2_LOCKNAME_LEN > GFS2_FSNAME_LEN);
+
+       strscpy(sdp->sd_proto_name, proto, GFS2_LOCKNAME_LEN);
+       strscpy(sdp->sd_table_name, table, GFS2_LOCKNAME_LEN);
 
        table = sdp->sd_table_name;
        while ((table = strchr(table, '/')))
@@ -1439,13 +1441,13 @@ static int gfs2_parse_param(struct fs_context *fc, struct fs_parameter *param)
 
        switch (o) {
        case Opt_lockproto:
-               strlcpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
+               strscpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
                break;
        case Opt_locktable:
-               strlcpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
+               strscpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
                break;
        case Opt_hostdata:
-               strlcpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
+               strscpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
                break;
        case Opt_spectator:
                args->ar_spectator = 1;