[v3] btrfs: Replace strncpy() with strscpy()

Message ID 20221122145108.3710710-1-artem.chernyshev@red-soft.ru
State New
Series [v3] btrfs: Replace strncpy() with strscpy()

Commit Message

Artem Chernyshev Nov. 22, 2022, 2:51 p.m. UTC
Using strncpy() on NUL-terminated strings is deprecated.
To avoid possible forming of a non-terminated string
strscpy() could be used.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 475f63874d73 ("btrfs: new ioctls for scrub")
Fixes: 606686eeac45 ("Btrfs: use rcu to protect device->name")
Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>
---
V1->V2 Fixed typo in subject
V2->V3 Added fix for ioctl.c

 fs/btrfs/ioctl.c      | 5 ++---
 fs/btrfs/rcu-string.h | 5 ++++-
 2 files changed, 6 insertions(+), 4 deletions(-)
  

Comments

David Sterba Nov. 22, 2022, 3:52 p.m. UTC | #1
On Tue, Nov 22, 2022 at 05:51:08PM +0300, Artem Chernyshev wrote:
> Using strncpy() on NUL-terminated strings is deprecated.
> To avoid possible forming of a non-terminated string
> strscpy() could be used.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: 475f63874d73 ("btrfs: new ioctls for scrub")
> Fixes: 606686eeac45 ("Btrfs: use rcu to protect device->name")
> Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru>

Added to misc-next with minor adjustments, thanks.
  

Patch

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index d5dd8bed1488..fdf62d514662 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -3748,9 +3748,8 @@  static long btrfs_ioctl_dev_info(struct btrfs_fs_info *fs_info,
 	di_args->total_bytes = btrfs_device_get_total_bytes(dev);
 	memcpy(di_args->uuid, dev->uuid, sizeof(di_args->uuid));
 	if (dev->name) {
-		strncpy(di_args->path, rcu_str_deref(dev->name),
-				sizeof(di_args->path) - 1);
-		di_args->path[sizeof(di_args->path) - 1] = 0;
+		strscpy(di_args->path, rcu_str_deref(dev->name),
+				sizeof(di_args->path));
 	} else {
 		di_args->path[0] = '\0';
 	}
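Review bot: The new `strscpy(di_args->path, ...)` call no longer zero-fills the rest of `di_args->path` the way the removed `strncpy()` did, so any bytes after the terminating NUL keep whatever the buffer held before. Since this is an ioctl argument structure, please confirm `di_args` is fully initialised before this point, or use `strscpy_pad()` so the tail is cleared explicitly. The return value is also ignored, so a device name longer than `sizeof(di_args->path) - 1` is still truncated silently; that matches the old behaviour, but it deserves a sentence in the commit message.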
diff --git a/fs/btrfs/rcu-string.h b/fs/btrfs/rcu-string.h
index 5c1a617eb25d..d9894da7a05a 100644
--- a/fs/btrfs/rcu-string.h
+++ b/fs/btrfs/rcu-string.h
@@ -18,7 +18,10 @@  static inline struct rcu_string *rcu_string_strdup(const char *src, gfp_t mask)
 					 (len * sizeof(char)), mask);
 	if (!ret)
 		return ret;
-	strncpy(ret->str, src, len);
+	if (WARN_ON(strscpy(ret->str, src, len) < 0)) {
+		kfree(ret);
+		return NULL;
+	}
 	return ret;
 }
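Review bot: The `WARN_ON(strscpy(ret->str, src, len) < 0)` branch can only fire if `src` does not fit in `len` bytes including the NUL, and `len` is computed above the visible context. If `len` is derived from the length of `src` plus one, this error path is unreachable and the `kfree(ret); return NULL;` lines are dead code; a comment stating that invariant would help. If it can fire, note that returning NULL here is indistinguishable from the allocation failure handled by `if (!ret) return ret;` just above, so callers will treat a truncation as out-of-memory. It would also help to state in the commit message whether the old `strncpy(ret->str, src, len)` could actually leave `ret->str` unterminated, since the Fixes: tags imply a real bug rather than a cleanup.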