From 77e165662c054c9fbfcebe529b7d2a676a1587f3 Mon Sep 17 00:00:00 2001
From: Shaun Tancheff <stancheff@cray.com>
Date: Wed, 13 Nov 2019 19:28:46 -0600
Subject: [PATCH] LU-12968 mgs: Prevent reading past end of buffer

KASAN reported
  BUG: KASAN: slab-out-of-bounds in mgs_wlp_lcfg+0xb3/0x4a0 [mgs]
  Read of size 64 at addr ffff8880b8f9fe40 by task ll_mgs_0002/17603

On memory allocated here.
  mgs_write_log_target+0x2ae/0x910 [mgs]

In mgs_wlp_lcfg( ..., char *ptr) ptr is a string so use strlcpy
instead of memcpy to avoid reading past the end of the buffer

Cray-bug-id: LUS-8137
Signed-off-by: Shaun Tancheff <stancheff@cray.com>
Change-Id: I539c0b4d878d26c44f64a4cd5746a8fba1bef2fa
Reviewed-on: https://review.whamcloud.com/36753
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Petros Koutoupis <pkoutoupis@cray.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
---
 lustre/mgs/mgs_llog.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lustre/mgs/mgs_llog.c b/lustre/mgs/mgs_llog.c
index 45f7678..6b8c0e4 100644
--- a/lustre/mgs/mgs_llog.c
+++ b/lustre/mgs/mgs_llog.c
@@ -3285,8 +3285,7 @@ static int mgs_wlp_lcfg(const struct lu_env *env,
 	int rc, del;
 
 	/* Erase any old settings of this same parameter */
-	memcpy(comment, ptr, MTI_NAME_MAXLEN);
-	comment[MTI_NAME_MAXLEN - 1] = 0;
+	strlcpy(comment, ptr, sizeof(comment));
 	/* But don't try to match the value. */
 	tmp = strchr(comment, '=');
 	if (tmp != NULL)
-- 
1.8.3.1