From cc5ef6ae5412c3e94061d949ef684036eb003f27 Mon Sep 17 00:00:00 2001
From: Sebastien Buisson <sebastien.buisson@bull.net>
Date: Thu, 25 Oct 2012 14:32:15 +0200
Subject: [PATCH] LU-2227 build: fix 'memory illegal access' errors

Fix 'memory illegal access' defects found by Coverity version
6.0.3:
Buffer not null terminated (BUFFER_SIZE_WARNING)
Calling strncpy with a certain maximum size argument on
destination array of same size might leave the destination string
unterminated.
Out-of-bounds read (OVERRUN_STATIC)
Overrunning static array with n elements, at position n.
String not null terminated (STRING_NULL)
Function does not terminate string.

Signed-off-by: Sebastien Buisson <sebastien.buisson@bull.net>
Change-Id: I5ded09054b2e0e5296ba17d7528518fed298fc89
Reviewed-on: http://review.whamcloud.com/4391
Tested-by: Hudson
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Bob Glossman <bob.glossman@intel.com>
Reviewed-by: Keith Mannthey <keith.mannthey@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---
 lnet/klnds/o2iblnd/o2iblnd.c       |  4 +++-
 lnet/selftest/framework.c          | 12 +++++++++---
 lustre/fld/fld_cache.c             |  2 +-
 lustre/include/lustre_disk.h       |  2 +-
 lustre/lmv/lproc_lmv.c             |  3 ++-
 lustre/lod/lod_lov.c               | 17 ++++++++++++++---
 lustre/lov/lov_ea.c                |  6 +++++-
 lustre/lov/lov_pack.c              | 18 +++++++++++++-----
 lustre/mgc/mgc_request.c           | 13 ++++++++++---
 lustre/mgs/mgs_llog.c              | 32 +++++++++++++++++++++++---------
 lustre/obdclass/cl_page.c          |  9 +++++++++
 lustre/obdclass/llog_cat.c         |  4 ++--
 lustre/obdclass/obd_mount.c        | 16 +++++++++++-----
 lustre/osd-ldiskfs/osd_handler.c   | 14 +++++++++++---
 lustre/osd-ldiskfs/osd_iam.h       |  2 +-
 lustre/ptlrpc/sec_config.c         |  2 +-
 lustre/quota/qsd_lib.c             |  4 +++-
 lustre/utils/l_getidentity.c       |  4 ++++
 lustre/utils/mount_utils_ldiskfs.c |  9 ++++++---
 19 files changed, 129 insertions(+), 44 deletions(-)

diff --git a/lnet/klnds/o2iblnd/o2iblnd.c b/lnet/klnds/o2iblnd/o2iblnd.c
index 9fbd1ab..7d3c025 100644
--- a/lnet/klnds/o2iblnd/o2iblnd.c
+++ b/lnet/klnds/o2iblnd/o2iblnd.c
@@ -1785,7 +1785,9 @@ kiblnd_init_poolset(kib_poolset_t *ps, int cpt,
         ps->ps_node_init    = nd_init;
         ps->ps_node_fini    = nd_fini;
         ps->ps_pool_size    = size;
-        strncpy(ps->ps_name, name, IBLND_POOL_NAME_LEN);
+	if (strlcpy(ps->ps_name, name, sizeof(ps->ps_name))
+	    >= sizeof(ps->ps_name))
+		return -E2BIG;
 	spin_lock_init(&ps->ps_lock);
         CFS_INIT_LIST_HEAD(&ps->ps_pool_list);
         CFS_INIT_LIST_HEAD(&ps->ps_failed_pool_list);
diff --git a/lnet/selftest/framework.c b/lnet/selftest/framework.c
index 8371d94..506010e 100644
--- a/lnet/selftest/framework.c
+++ b/lnet/selftest/framework.c
@@ -287,7 +287,7 @@ sfw_init_session(sfw_session_t *sn, lst_sid_t sid,
         cfs_atomic_set(&sn->sn_refcount, 1);        /* +1 for caller */
         cfs_atomic_set(&sn->sn_brw_errors, 0);
         cfs_atomic_set(&sn->sn_ping_errors, 0);
-        strncpy(&sn->sn_name[0], name, LST_NAME_SIZE);
+	strlcpy(&sn->sn_name[0], name, sizeof(sn->sn_name));
 
         sn->sn_timer_active = 0;
         sn->sn_id           = sid;
@@ -438,6 +438,7 @@ sfw_make_session(srpc_mksn_reqst_t *request, srpc_mksn_reply_t *reply)
 	sfw_session_t *sn = sfw_data.fw_session;
 	srpc_msg_t    *msg = container_of(request, srpc_msg_t,
 					  msg_body.mksn_reqst);
+	int	       cplen = 0;
 
         if (request->mksn_sid.ses_nid == LNET_NID_ANY) {
                 reply->mksn_sid = (sn == NULL) ? LST_INVALID_SID : sn->sn_id;
@@ -457,7 +458,10 @@ sfw_make_session(srpc_mksn_reqst_t *request, srpc_mksn_reply_t *reply)
 
                 if (!request->mksn_force) {
                         reply->mksn_status = EBUSY;
-                        strncpy(&reply->mksn_name[0], &sn->sn_name[0], LST_NAME_SIZE);
+			cplen = strlcpy(&reply->mksn_name[0], &sn->sn_name[0],
+					sizeof(reply->mksn_name));
+			if (cplen >= sizeof(reply->mksn_name))
+				return -E2BIG;
                         return 0;
                 }
         }
@@ -543,7 +547,9 @@ sfw_debug_session (srpc_debug_reqst_t *request, srpc_debug_reply_t *reply)
         reply->dbg_status  = 0;
         reply->dbg_sid     = sn->sn_id;      
         reply->dbg_timeout = sn->sn_timeout;
-        strncpy(reply->dbg_name, &sn->sn_name[0], LST_NAME_SIZE);
+	if (strlcpy(reply->dbg_name, &sn->sn_name[0], sizeof(reply->dbg_name))
+	    >= sizeof(reply->dbg_name))
+		return -E2BIG;
 
         return 0;
 }
diff --git a/lustre/fld/fld_cache.c b/lustre/fld/fld_cache.c
index e6ff0a7..b21ead4 100644
--- a/lustre/fld/fld_cache.c
+++ b/lustre/fld/fld_cache.c
@@ -87,7 +87,7 @@ struct fld_cache *fld_cache_init(const char *name,
         cache->fci_cache_count = 0;
 	rwlock_init(&cache->fci_lock);
 
-        strncpy(cache->fci_name, name,
+	strlcpy(cache->fci_name, name,
                 sizeof(cache->fci_name));
 
         cache->fci_cache_size = cache_size;
diff --git a/lustre/include/lustre_disk.h b/lustre/include/lustre_disk.h
index db0fdf9..b1c030a 100644
--- a/lustre/include/lustre_disk.h
+++ b/lustre/include/lustre_disk.h
@@ -201,7 +201,7 @@ static inline int server_make_name(__u32 flags, __u16 index, char *fs,
 
 /* Get the index from the obd name */
 int server_name2index(char *svname, __u32 *idx, char **endptr);
-int server_name2svname(char *label, char *svname, char **endptr);
+int server_name2svname(char *label, char *svname, char **endptr, size_t svsize);
 
 
 /****************** mount command *********************/
diff --git a/lustre/lmv/lproc_lmv.c b/lustre/lmv/lproc_lmv.c
index 523bfc7..65d1bd2 100644
--- a/lustre/lmv/lproc_lmv.c
+++ b/lustre/lmv/lproc_lmv.c
@@ -61,7 +61,8 @@ static int lmv_rd_numobd(char *page, char **start, off_t off, int count,
 
 static const char *placement_name[] = {
         [PLACEMENT_CHAR_POLICY] = "CHAR",
-        [PLACEMENT_NID_POLICY]  = "NID"
+	[PLACEMENT_NID_POLICY]  = "NID",
+	[PLACEMENT_INVAL_POLICY]  = "INVAL"
 };
 
 static placement_policy_t placement_name2policy(char *name, int len)
diff --git a/lustre/lod/lod_lov.c b/lustre/lod/lod_lov.c
index d477c88..6ec7823 100644
--- a/lustre/lod/lod_lov.c
+++ b/lustre/lod/lod_lov.c
@@ -501,6 +501,7 @@ int lod_generate_and_set_lovea(const struct lu_env *env,
 	struct lov_ost_data_v1	*objs;
 	__u32			 magic;
 	int			 i, rc, lmm_size;
+	int			 cplen = 0;
 	ENTRY;
 
 	LASSERT(lo);
@@ -527,7 +528,10 @@ int lod_generate_and_set_lovea(const struct lu_env *env,
 		objs = &lmm->lmm_objects[0];
 	} else {
 		struct lov_mds_md_v3 *v3 = (struct lov_mds_md_v3 *) lmm;
-		strncpy(v3->lmm_pool_name, lo->ldo_pool, LOV_MAXPOOLNAME);
+		cplen = strlcpy(v3->lmm_pool_name, lo->ldo_pool,
+				sizeof(v3->lmm_pool_name));
+		if (cplen >= sizeof(v3->lmm_pool_name))
+			RETURN(-E2BIG);
 		objs = &v3->lmm_objects[0];
 	}
 
@@ -613,6 +617,7 @@ int lod_store_def_striping(const struct lu_env *env, struct dt_object *dt,
 	struct dt_object	*next = dt_object_child(dt);
 	struct lov_user_md_v3	*v3;
 	int			 rc;
+	int			 cplen = 0;
 	ENTRY;
 
 	LASSERT(S_ISDIR(dt->do_lu.lo_header->loh_attr));
@@ -642,8 +647,14 @@ int lod_store_def_striping(const struct lu_env *env, struct dt_object *dt,
 	v3->lmm_stripe_size = cpu_to_le32(lo->ldo_def_stripe_size);
 	v3->lmm_stripe_count = cpu_to_le16(lo->ldo_def_stripenr);
 	v3->lmm_stripe_offset = cpu_to_le16(lo->ldo_def_stripe_offset);
-	if (lo->ldo_pool)
-		strncpy(v3->lmm_pool_name, lo->ldo_pool, LOV_MAXPOOLNAME);
+	if (lo->ldo_pool) {
+		cplen = strlcpy(v3->lmm_pool_name, lo->ldo_pool,
+				sizeof(v3->lmm_pool_name));
+		if (cplen >= sizeof(v3->lmm_pool_name)) {
+			OBD_FREE_PTR(v3);
+			RETURN(-E2BIG);
+		}
+	}
 
 	info->lti_buf.lb_buf = v3;
 	info->lti_buf.lb_len = sizeof(*v3);
diff --git a/lustre/lov/lov_ea.c b/lustre/lov/lov_ea.c
index 34ab86d..51a9118 100644
--- a/lustre/lov/lov_ea.c
+++ b/lustre/lov/lov_ea.c
@@ -293,11 +293,15 @@ int lsm_unpackmd_v3(struct lov_obd *lov, struct lov_stripe_md *lsm,
         struct lov_oinfo *loi;
         int i;
         __u64 stripe_maxbytes = OBD_OBJECT_EOF;
+	int cplen = 0;
 
         lmm = (struct lov_mds_md_v3 *)lmmv1;
 
         lsm_unpackmd_common(lsm, (struct lov_mds_md_v1 *)lmm);
-        strncpy(lsm->lsm_pool_name, lmm->lmm_pool_name, LOV_MAXPOOLNAME);
+	cplen = strlcpy(lsm->lsm_pool_name, lmm->lmm_pool_name,
+			sizeof(lsm->lsm_pool_name));
+	if (cplen >= sizeof(lsm->lsm_pool_name))
+		return -E2BIG;
 
         for (i = 0; i < lsm->lsm_stripe_count; i++) {
                 /* XXX LOV STACKING call down to osc_unpackmd() */
diff --git a/lustre/lov/lov_pack.c b/lustre/lov/lov_pack.c
index 67c2188..c10d000 100644
--- a/lustre/lov/lov_pack.c
+++ b/lustre/lov/lov_pack.c
@@ -142,6 +142,7 @@ int lov_packmd(struct obd_export *exp, struct lov_mds_md **lmmp,
         struct lov_ost_data_v1 *lmm_objects;
         int lmm_size, lmm_magic;
         int i;
+	int cplen = 0;
         ENTRY;
 
         if (lsm) {
@@ -226,8 +227,10 @@ int lov_packmd(struct obd_export *exp, struct lov_mds_md **lmmp,
         lmmv1->lmm_pattern = cpu_to_le32(lsm->lsm_pattern);
         lmmv1->lmm_layout_gen = cpu_to_le16(lsm->lsm_layout_gen);
         if (lsm->lsm_magic == LOV_MAGIC_V3) {
-                strncpy(lmmv3->lmm_pool_name, lsm->lsm_pool_name,
-                        LOV_MAXPOOLNAME);
+		cplen = strlcpy(lmmv3->lmm_pool_name, lsm->lsm_pool_name,
+				sizeof(lmmv3->lmm_pool_name));
+		if (cplen >= sizeof(lmmv3->lmm_pool_name))
+			RETURN(-E2BIG);
                 lmm_objects = lmmv3->lmm_objects;
         } else {
                 lmm_objects = lmmv1->lmm_objects;
@@ -413,6 +416,7 @@ static int __lov_setstripe(struct obd_export *exp, int max_lmm_size,
         int lmm_magic;
         __u16 stripe_count;
         int rc;
+	int cplen = 0;
         ENTRY;
 
         rc = lov_lum_swab_if_needed(lumv3, &lmm_magic, lump);
@@ -492,9 +496,13 @@ static int __lov_setstripe(struct obd_export *exp, int max_lmm_size,
         if (rc >= 0) {
                 (*lsmp)->lsm_oinfo[0]->loi_ost_idx = lumv1->lmm_stripe_offset;
                 (*lsmp)->lsm_stripe_size = lumv1->lmm_stripe_size;
-                if (lmm_magic == LOV_USER_MAGIC_V3)
-                        strncpy((*lsmp)->lsm_pool_name, lumv3->lmm_pool_name,
-                                LOV_MAXPOOLNAME);
+		if (lmm_magic == LOV_USER_MAGIC_V3) {
+			cplen = strlcpy((*lsmp)->lsm_pool_name,
+					lumv3->lmm_pool_name,
+					sizeof((*lsmp)->lsm_pool_name));
+			if (cplen >= sizeof((*lsmp)->lsm_pool_name))
+				rc = -E2BIG;
+		}
                 rc = 0;
         }
 
diff --git a/lustre/mgc/mgc_request.c b/lustre/mgc/mgc_request.c
index 2993a79..67e4179 100644
--- a/lustre/mgc/mgc_request.c
+++ b/lustre/mgc/mgc_request.c
@@ -1260,10 +1260,15 @@ static int mgc_apply_recover_logs(struct obd_device *mgc,
                 RETURN(-ENOMEM);
 
 	if (!IS_SERVER(lsi)) {
-                pos = sprintf(inst, "%p", cfg->cfg_instance);
+		pos = snprintf(inst, CFS_PAGE_SIZE, "%p", cfg->cfg_instance);
+		if (pos >= CFS_PAGE_SIZE) {
+			OBD_FREE(inst, CFS_PAGE_SIZE);
+			return -E2BIG;
+		}
         } else {
 		LASSERT(IS_MDT(lsi));
-		rc = server_name2svname(lsi->lsi_svname, inst, NULL);
+		rc = server_name2svname(lsi->lsi_svname, inst, NULL,
+					CFS_PAGE_SIZE);
 		if (rc) {
 			OBD_FREE(inst, CFS_PAGE_SIZE);
 			RETURN(-EINVAL);
@@ -1484,7 +1489,9 @@ again:
         body = req_capsule_client_get(&req->rq_pill, &RMF_MGS_CONFIG_BODY);
         LASSERT(body != NULL);
         LASSERT(sizeof(body->mcb_name) > strlen(cld->cld_logname));
-        strncpy(body->mcb_name, cld->cld_logname, sizeof(body->mcb_name));
+	if (strlcpy(body->mcb_name, cld->cld_logname, sizeof(body->mcb_name))
+	    >= sizeof(body->mcb_name))
+		GOTO(out, rc = -E2BIG);
         body->mcb_offset = cfg->cfg_last_idx + 1;
         body->mcb_type   = cld->cld_type;
         body->mcb_bits   = CFS_PAGE_SHIFT;
diff --git a/lustre/mgs/mgs_llog.c b/lustre/mgs/mgs_llog.c
index 32c5e03..b59a9d0 100644
--- a/lustre/mgs/mgs_llog.c
+++ b/lustre/mgs/mgs_llog.c
@@ -1398,16 +1398,21 @@ static int record_marker(const struct lu_env *env,
 	struct mgs_thread_info *mgi = mgs_env_info(env);
 	struct lustre_cfg *lcfg;
 	int rc;
+	int cplen = 0;
 
 	if (flags & CM_START)
 		fsdb->fsdb_gen++;
 	mgi->mgi_marker.cm_step = fsdb->fsdb_gen;
 	mgi->mgi_marker.cm_flags = flags;
 	mgi->mgi_marker.cm_vers = LUSTRE_VERSION_CODE;
-	strncpy(mgi->mgi_marker.cm_tgtname, tgtname,
-		sizeof(mgi->mgi_marker.cm_tgtname));
-	strncpy(mgi->mgi_marker.cm_comment, comment,
-		sizeof(mgi->mgi_marker.cm_comment));
+	cplen = strlcpy(mgi->mgi_marker.cm_tgtname, tgtname,
+			sizeof(mgi->mgi_marker.cm_tgtname));
+	if (cplen >= sizeof(mgi->mgi_marker.cm_tgtname))
+		return -E2BIG;
+	cplen = strlcpy(mgi->mgi_marker.cm_comment, comment,
+			sizeof(mgi->mgi_marker.cm_comment));
+	if (cplen >= sizeof(mgi->mgi_marker.cm_comment))
+		return -E2BIG;
 	mgi->mgi_marker.cm_createtime = cfs_time_current_sec();
 	mgi->mgi_marker.cm_canceltime = 0;
 	lustre_cfg_bufs_reset(&mgi->mgi_bufs, NULL);
@@ -1653,6 +1658,7 @@ static int mgs_steal_llog_handler(const struct lu_env *env,
            2: found mdc;
         */
         static int last_step = -1;
+	int cplen = 0;
 
         ENTRY;
 
@@ -1683,8 +1689,10 @@ static int mgs_steal_llog_handler(const struct lu_env *env,
 		    (marker->cm_flags & CM_START) &&
 		     !(marker->cm_flags & CM_SKIP)) {
                         got_an_osc_or_mdc = 1;
-                        strncpy(tmti->mti_svname, marker->cm_tgtname,
-                                sizeof(tmti->mti_svname));
+			cplen = strlcpy(tmti->mti_svname, marker->cm_tgtname,
+					sizeof(tmti->mti_svname));
+			if (cplen >= sizeof(tmti->mti_svname))
+				RETURN(-E2BIG);
 			rc = record_start_log(env, mgs, &mdt_llh,
 					      mti->mti_svname);
 			if (rc)
@@ -3832,9 +3840,15 @@ int mgs_setparam(const struct lu_env *env, struct mgs_device *mgs,
         OBD_ALLOC_PTR(mti);
         if (!mti)
                 GOTO(out, rc = -ENOMEM);
-        strncpy(mti->mti_fsname, fsname, MTI_NAME_MAXLEN);
-        strncpy(mti->mti_svname, devname, MTI_NAME_MAXLEN);
-        strncpy(mti->mti_params, param, sizeof(mti->mti_params));
+	if (strlcpy(mti->mti_fsname, fsname, sizeof(mti->mti_fsname))
+	    >= sizeof(mti->mti_fsname))
+		GOTO(out, rc = -E2BIG);
+	if (strlcpy(mti->mti_svname, devname, sizeof(mti->mti_svname))
+	    >= sizeof(mti->mti_svname))
+		GOTO(out, rc = -E2BIG);
+	if (strlcpy(mti->mti_params, param, sizeof(mti->mti_params))
+	    >= sizeof(mti->mti_params))
+		GOTO(out, rc = -E2BIG);
         rc = server_name2index(mti->mti_svname, &mti->mti_stripe_index, &tmp);
         if (rc < 0)
                 /* Not a valid server; may be only fsname */
diff --git a/lustre/obdclass/cl_page.c b/lustre/obdclass/cl_page.c
index 29a570c..a9d8146 100644
--- a/lustre/obdclass/cl_page.c
+++ b/lustre/obdclass/cl_page.c
@@ -1267,6 +1267,8 @@ int cl_page_prep(const struct lu_env *env, struct cl_io *io,
          * PG_writeback without risking other layers deciding to skip this
          * page.
          */
+	if (crt >= CRT_NR)
+		return -EINVAL;
         result = cl_page_invoke(env, io, pg, CL_PAGE_OP(io[crt].cpo_prep));
         if (result == 0)
                 cl_page_io_start(env, pg, crt);
@@ -1312,6 +1314,8 @@ void cl_page_completion(const struct lu_env *env,
         }
 
         cl_page_state_set(env, pg, CPS_CACHED);
+	if (crt >= CRT_NR)
+		return;
         CL_PAGE_INVOID_REVERSE(env, pg, CL_PAGE_OP(io[crt].cpo_completion),
                                (const struct lu_env *,
                                 const struct cl_page_slice *, int), ioret);
@@ -1351,6 +1355,8 @@ int cl_page_make_ready(const struct lu_env *env, struct cl_page *pg,
         PINVRNT(env, pg, crt < CRT_NR);
 
         ENTRY;
+	if (crt >= CRT_NR)
+		RETURN(-EINVAL);
         result = CL_PAGE_INVOKE(env, pg, CL_PAGE_OP(io[crt].cpo_make_ready),
                                 (const struct lu_env *,
                                  const struct cl_page_slice *));
@@ -1387,6 +1393,9 @@ int cl_page_cache_add(const struct lu_env *env, struct cl_io *io,
 
 	ENTRY;
 
+	if (crt >= CRT_NR)
+		RETURN(-EINVAL);
+
 	cfs_list_for_each_entry(scan, &pg->cp_layers, cpl_linkage) {
 		if (scan->cpl_ops->io[crt].cpo_cache_add == NULL)
 			continue;
diff --git a/lustre/obdclass/llog_cat.c b/lustre/obdclass/llog_cat.c
index 5ba5300..fbf2766 100644
--- a/lustre/obdclass/llog_cat.c
+++ b/lustre/obdclass/llog_cat.c
@@ -194,6 +194,7 @@ int llog_cat_id2handle(const struct lu_env *env, struct llog_handle *cathandle,
 	rc = llog_init_handle(env, loghandle, LLOG_F_IS_PLAIN, NULL);
 	if (rc < 0) {
 		llog_close(env, loghandle);
+		loghandle = NULL;
 		RETURN(rc);
 	}
 
@@ -843,8 +844,7 @@ int cat_cancel_cb(const struct lu_env *env, struct llog_handle *cathandle,
 	ENTRY;
 
 	if (rec->lrh_type != LLOG_LOGID_MAGIC) {
-		CERROR("%s: invalid record in catalog\n",
-		       loghandle->lgh_ctxt->loc_obd->obd_name);
+		CERROR("invalid record in catalog\n");
 		RETURN(-EINVAL);
 	}
 	CDEBUG(D_HA, "processing log "LPX64":%x at index %u of catalog "
diff --git a/lustre/obdclass/obd_mount.c b/lustre/obdclass/obd_mount.c
index 8a2c429..83bb072 100644
--- a/lustre/obdclass/obd_mount.c
+++ b/lustre/obdclass/obd_mount.c
@@ -1539,7 +1539,7 @@ int server_mti_print(char *title, struct mgs_target_info *mti)
  * rc < 0 on error
  * if endptr isn't NULL it is set to end of fsname *
  */
-int server_name2svname(char *label, char *svname, char **endptr)
+int server_name2svname(char *label, char *svname, char **endptr, size_t svsize)
 {
 	int rc;
 	char *dash;
@@ -1552,7 +1552,8 @@ int server_name2svname(char *label, char *svname, char **endptr)
 	if (*dash != '-')
 		return -1;
 
-	strncpy(svname, dash + 1, MTI_NAME_MAXLEN);
+	if (strlcpy(svname, dash + 1, svsize) >= svsize)
+		return -E2BIG;
 
 	return 0;
 }
@@ -1604,12 +1605,15 @@ static int server_lsi2mti(struct lustre_sb_info *lsi,
 {
 	lnet_process_id_t id;
 	int rc, i = 0;
+	int cplen = 0;
         ENTRY;
 
 	if (!IS_SERVER(lsi))
                 RETURN(-EINVAL);
 
-	strncpy(mti->mti_svname, lsi->lsi_svname, sizeof(mti->mti_svname));
+	if (strlcpy(mti->mti_svname, lsi->lsi_svname, sizeof(mti->mti_svname))
+	    >= sizeof(mti->mti_svname))
+		RETURN(-E2BIG);
 
         mti->mti_nid_count = 0;
         while (LNetGetId(i++, &id) != -ENOENT) {
@@ -1653,8 +1657,10 @@ static int server_lsi2mti(struct lustre_sb_info *lsi,
 	mti->mti_flags = lsi->lsi_flags & LDD_F_MASK;
 	if (mti->mti_flags & (LDD_F_WRITECONF | LDD_F_VIRGIN))
 		mti->mti_flags |= LDD_F_UPDATE;
-	strncpy(mti->mti_params, lsi->lsi_lmd->lmd_params,
-		sizeof(mti->mti_params));
+	cplen = strlcpy(mti->mti_params, lsi->lsi_lmd->lmd_params,
+			sizeof(mti->mti_params));
+	if (cplen >= sizeof(mti->mti_params))
+		return -E2BIG;
 	return 0;
 }
 
diff --git a/lustre/osd-ldiskfs/osd_handler.c b/lustre/osd-ldiskfs/osd_handler.c
index 825ce4d..d6c82a4 100644
--- a/lustre/osd-ldiskfs/osd_handler.c
+++ b/lustre/osd-ldiskfs/osd_handler.c
@@ -4108,6 +4108,7 @@ osd_it_pack_dirent(struct lu_dirent *ent, struct lu_fid *fid, __u64 offset,
 	ent->lde_reclen = cpu_to_le16(lu_dirent_calc_size(namelen, attr));
 
 	strncpy(ent->lde_name, name, namelen);
+	ent->lde_name[namelen] = '\0';
 	ent->lde_namelen = cpu_to_le16(namelen);
 
 	/* append lustre attributes */
@@ -5043,7 +5044,9 @@ static int osd_device_init(const struct lu_env *env, struct lu_device *d,
 {
 	struct osd_device *osd = osd_dev(d);
 
-	strncpy(osd->od_svname, name, MAX_OBD_NAME);
+	if (strlcpy(osd->od_svname, name, sizeof(osd->od_svname))
+	    >= sizeof(osd->od_svname))
+		return -E2BIG;
 	return osd_procfs_init(osd, name);
 }
 
@@ -5197,6 +5200,7 @@ static int osd_device_init0(const struct lu_env *env,
 	struct lu_device	*l = osd2lu_dev(o);
 	struct osd_thread_info *info;
 	int			rc;
+	int			cplen = 0;
 
 	/* if the module was re-loaded, env can loose its keys */
 	rc = lu_env_refill((struct lu_env *) env);
@@ -5230,8 +5234,12 @@ static int osd_device_init0(const struct lu_env *env,
 	if (rc < 0)
 		GOTO(out_mnt, rc);
 
-	strncpy(o->od_svname, lustre_cfg_string(cfg, 4),
-			sizeof(o->od_svname) - 1);
+	cplen = strlcpy(o->od_svname, lustre_cfg_string(cfg, 4),
+			sizeof(o->od_svname));
+	if (cplen >= sizeof(o->od_svname)) {
+		rc = -E2BIG;
+		GOTO(out_mnt, rc);
+	}
 
 	rc = osd_obj_map_init(o);
 	if (rc != 0)
diff --git a/lustre/osd-ldiskfs/osd_iam.h b/lustre/osd-ldiskfs/osd_iam.h
index 67364e3..a782769 100644
--- a/lustre/osd-ldiskfs/osd_iam.h
+++ b/lustre/osd-ldiskfs/osd_iam.h
@@ -937,7 +937,7 @@ static inline struct iam_entry *dx_node_get_entries(struct iam_path *path,
 static inline struct iam_ikey *iam_path_ikey(const struct iam_path *path,
                                              int nr)
 {
-        assert(0 <= nr && nr < ARRAY_SIZE(path->ip_data->ipd_key_scratch));
+	LASSERT(0 <= nr && nr < ARRAY_SIZE(path->ip_data->ipd_key_scratch));
         return path->ip_data->ipd_key_scratch[nr];
 }
 
diff --git a/lustre/ptlrpc/sec_config.c b/lustre/ptlrpc/sec_config.c
index 74f1b65..e1c25d3 100644
--- a/lustre/ptlrpc/sec_config.c
+++ b/lustre/ptlrpc/sec_config.c
@@ -593,7 +593,7 @@ struct sptlrpc_conf_tgt *sptlrpc_conf_get_tgt(struct sptlrpc_conf *conf,
 
         OBD_ALLOC_PTR(conf_tgt);
         if (conf_tgt) {
-                strncpy(conf_tgt->sct_name, name, sizeof(conf_tgt->sct_name));
+		strlcpy(conf_tgt->sct_name, name, sizeof(conf_tgt->sct_name));
                 sptlrpc_rule_set_init(&conf_tgt->sct_rset);
                 cfs_list_add(&conf_tgt->sct_list, &conf->sc_tgts);
         }
diff --git a/lustre/quota/qsd_lib.c b/lustre/quota/qsd_lib.c
index 0d0e518..0a7e75a 100644
--- a/lustre/quota/qsd_lib.c
+++ b/lustre/quota/qsd_lib.c
@@ -562,7 +562,9 @@ struct qsd_instance *qsd_init(const struct lu_env *env, char *svname,
 	qsd->qsd_started = false;
 
 	/* copy service name */
-	strncpy(qsd->qsd_svname, svname, MAX_OBD_NAME);
+	if (strlcpy(qsd->qsd_svname, svname, sizeof(qsd->qsd_svname))
+	    >= sizeof(qsd->qsd_svname))
+		GOTO(out, rc = -E2BIG);
 
 	/* grab reference on osd device */
 	lu_device_get(&dev->dd_lu_dev);
diff --git a/lustre/utils/l_getidentity.c b/lustre/utils/l_getidentity.c
index ff240eb..936f494 100644
--- a/lustre/utils/l_getidentity.c
+++ b/lustre/utils/l_getidentity.c
@@ -428,6 +428,10 @@ int main(int argc, char **argv)
         maxgroups = sysconf(_SC_NGROUPS_MAX);
         if (maxgroups > NGROUPS_MAX)
                 maxgroups = NGROUPS_MAX;
+	if (maxgroups == -1) {
+		rc = -EINVAL;
+		goto out;
+	}
 
         size = offsetof(struct identity_downcall_data, idd_groups[maxgroups]);
         data = malloc(size);
diff --git a/lustre/utils/mount_utils_ldiskfs.c b/lustre/utils/mount_utils_ldiskfs.c
index 15e7048..b8efddc 100644
--- a/lustre/utils/mount_utils_ldiskfs.c
+++ b/lustre/utils/mount_utils_ldiskfs.c
@@ -287,7 +287,7 @@ static int file_in_dev(char *file_name, char *dev_name)
 		pclose(fp);
 		return 1;
 	}
-	i = fread(debugfs_cmd, 1, sizeof(debugfs_cmd), fp);
+	i = fread(debugfs_cmd, 1, sizeof(debugfs_cmd) - 1, fp);
 	if (i) {
 		debugfs_cmd[i] = 0;
 		fprintf(stderr, "%s", debugfs_cmd);
@@ -346,7 +346,8 @@ static int is_e2fsprogs_feature_supp(const char *feature)
 			fprintf(stderr, "%s: %s\n", progname, strerror(errno));
 			return 0;
 		}
-		ret = fread(supp_features, 1, sizeof(supp_features), fp);
+		ret = fread(supp_features, 1, sizeof(supp_features) - 1, fp);
+		supp_features[ret] = '\0';
 		fclose(fp);
 	}
 	if (ret > 0 && strstr(supp_features,
@@ -1104,6 +1105,7 @@ static int is_feature_enabled(const char *feature, const char *devpath)
 	char cmd[PATH_MAX];
 	FILE *fp;
 	char enabled_features[4096] = "";
+	int ret = 1;
 
 	snprintf(cmd, sizeof(cmd), "%s -R features %s 2>&1",
 		 DEBUGFS, devpath);
@@ -1116,7 +1118,8 @@ static int is_feature_enabled(const char *feature, const char *devpath)
 		return 0;
 	}
 
-	fread(enabled_features, 1, sizeof(enabled_features), fp);
+	ret = fread(enabled_features, 1, sizeof(enabled_features) - 1, fp);
+	enabled_features[ret] = '\0';
 	fclose(fp);
 
 	if (strstr(enabled_features, feature))
-- 
1.8.3.1