LU-12968 mgs: Prevent reading past end of buffer

KASAN reported
  BUG: KASAN: slab-out-of-bounds in mgs_wlp_lcfg+0xb3/0x4a0 [mgs]
  Read of size 64 at addr ffff8880b8f9fe40 by task ll_mgs_0002/17603

On memory allocated here.
  mgs_write_log_target+0x2ae/0x910 [mgs]

In mgs_wlp_lcfg( ..., char *ptr) ptr is a string so use strlcpy
instead of memcpy to avoid reading past the end of the buffer

Cray-bug-id: LUS-8137
Signed-off-by: Shaun Tancheff <stancheff@cray.com>
Change-Id: I539c0b4d878d26c44f64a4cd5746a8fba1bef2fa
Reviewed-on: https://review.whamcloud.com/36753
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Petros Koutoupis <pkoutoupis@cray.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>

diff --git a/lustre/mgs/mgs_llog.c b/lustre/mgs/mgs_llog.c
index 45f7678..6b8c0e4 100644 (file)
--- a/lustre/mgs/mgs_llog.c
+++ b/lustre/mgs/mgs_llog.c
@@ -3285,8 +3285,7 @@ static int mgs_wlp_lcfg(const struct lu_env *env,
        int rc, del;
 
        /* Erase any old settings of this same parameter */
        int rc, del;
 
        /* Erase any old settings of this same parameter */

-       memcpy(comment, ptr, MTI_NAME_MAXLEN);
-       comment[MTI_NAME_MAXLEN - 1] = 0;
+       strlcpy(comment, ptr, sizeof(comment));

        /* But don't try to match the value. */
        tmp = strchr(comment, '=');
        if (tmp != NULL)
        /* But don't try to match the value. */
        tmp = strchr(comment, '=');
        if (tmp != NULL)