Commit be27cd64 authored May 23, 2024 by Kees Cook Committed by Theodore Ts'o Jul 05, 2024

ext4: use memtostr_pad() for s_volume_name



As with the other strings in struct ext4_super_block, s_volume_name is
not NUL terminated. The other strings were marked in commit 072ebb3b
("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn't
the right replacement for strncpy(); it should use memtostr_pad()
instead.

Reported-by:  <syzbot+50835f73143cc2905b9e@syzkaller.appspotmail.com>
Closes: https://lore.kernel.org/all/00000000000019f4c00619192c05@google.com/


Fixes: 744a5638 ("ext4: replace deprecated strncpy with alternatives")
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://patch.msgid.link/20240523225408.work.904-kees@kernel.org


Signed-off-by: Theodore Ts'o <tytso@mit.edu>

parent 7c73ddb7

fs/ext4/ext4.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -1347,7 +1347,7 @@ struct ext4_super_block {
		/60/ __le32 s_feature_incompat; /* incompatible feature set */
		__le32 s_feature_ro_compat; /* readonly-compatible feature set */
		/68/ __u8 s_uuid[16]; /* 128-bit uuid for volume */
		/78/ char s_volume_name[EXT4_LABEL_MAX]; /* volume name */
		/78/ char s_volume_name[EXT4_LABEL_MAX] __nonstring; /* volume name */
		/88/ char s_last_mounted[64] __nonstring; /* directory where last mounted */
		/C8/ __le32 s_algorithm_usage_bitmap; /* For compression */
		/*

fs/ext4/ioctl.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1151,7 +1151,7 @@ static int ext4_ioctl_getlabel(struct ext4_sb_info sbi, char __user user_label
		BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);

		lock_buffer(sbi->s_sbh);
		strscpy_pad(label, sbi->s_es->s_volume_name);
		memtostr_pad(label, sbi->s_es->s_volume_name);
		unlock_buffer(sbi->s_sbh);

		if (copy_to_user(user_label, label, sizeof(label)))