From: Shaun Tancheff Date: Thu, 14 Nov 2019 01:28:46 +0000 (-0600) Subject: LU-12968 mgs: Prevent reading past end of buffer X-Git-Tag: 2.13.52~90 X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=77e165662c054c9fbfcebe529b7d2a676a1587f3 LU-12968 mgs: Prevent reading past end of buffer KASAN reported BUG: KASAN: slab-out-of-bounds in mgs_wlp_lcfg+0xb3/0x4a0 [mgs] Read of size 64 at addr ffff8880b8f9fe40 by task ll_mgs_0002/17603 On memory allocated here. mgs_write_log_target+0x2ae/0x910 [mgs] In mgs_wlp_lcfg( ..., char *ptr) ptr is a string so use strlcpy instead of memcpy to avoid reading past the end of the buffer Cray-bug-id: LUS-8137 Signed-off-by: Shaun Tancheff Change-Id: I539c0b4d878d26c44f64a4cd5746a8fba1bef2fa Reviewed-on: https://review.whamcloud.com/36753 Reviewed-by: Andreas Dilger Reviewed-by: Petros Koutoupis Reviewed-by: James Simmons Tested-by: jenkins Tested-by: Maloo --- diff --git a/lustre/mgs/mgs_llog.c b/lustre/mgs/mgs_llog.c index 45f7678..6b8c0e4 100644 --- a/lustre/mgs/mgs_llog.c +++ b/lustre/mgs/mgs_llog.c @@ -3285,8 +3285,7 @@ static int mgs_wlp_lcfg(const struct lu_env *env, int rc, del; /* Erase any old settings of this same parameter */ - memcpy(comment, ptr, MTI_NAME_MAXLEN); - comment[MTI_NAME_MAXLEN - 1] = 0; + strlcpy(comment, ptr, sizeof(comment)); /* But don't try to match the value. */ tmp = strchr(comment, '='); if (tmp != NULL)
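Review bot: The added strlcpy(comment, ptr, sizeof(comment)) line discards the return value, so a parameter string longer than the buffer is still truncated silently, and the strchr(comment, '=') that follows may then run on a clipped string with no '=' in it. The removed memcpy truncated as well, so this is not a regression. Checking the result would still make the "erase any old settings" match predictable: strlcpy returns the length of ptr, so a value >= sizeof(comment) means truncation, which could be logged or rejected. Two smaller points. First, strlcpy reads ptr up to its terminating NUL to compute that length, so the fix relies on ptr always being NUL-terminated, as the commit message states; strscpy would bound the read as well as the write. Second, sizeof(comment) equals the buffer size only if comment is declared as an array in this function. The declaration is not visible in the hunk, so please confirm it is not a pointer, or keep the MTI_NAME_MAXLEN constant the removed lines used.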