NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()

toblux · chucklever · commit ab1c282c010c · 2025-09-21T19:24:50.000-04:00
Commit 5304877 ("NFSD: Fix strncpy() fortify warning") replaced strncpy(,, sizeof(..)) with strlcpy(,, sizeof(..) - 1), but strlcpy() already guaranteed NUL-termination of the destination buffer and subtracting one byte potentially truncated the source string. The incorrect size was then carried over in commit 72f78ae ("NFSD: move from strlcpy with unused retval to strscpy") when switching from strlcpy() to strscpy(). Fix this off-by-one error by using the full size of the destination buffer again. Cc: stable@vger.kernel.org Fixes: 5304877 ("NFSD: Fix strncpy() fortify warning") Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
@@ -1519,7 +1519,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr,
 		return 0;
 	}
 	if (work) {
-		strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr) - 1);
+		strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr));
 		refcount_set(&work->nsui_refcnt, 2);
 		work->nsui_busy = true;
 		list_add_tail(&work->nsui_list, &nn->nfsd_ssc_mount_list);

Original file line number	Diff line number	Diff line change
`@@ -1519,7 +1519,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net nn, char ipaddr,`
`1519`	`1519`	`return 0;`
`1520`	`1520`	`}`
`1521`	`1521`	`if (work) {`
`1522`		`- strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr) - 1);`
	`1522`	`+ strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr));`
`1523`	`1523`	`refcount_set(&work->nsui_refcnt, 2);`
`1524`	`1524`	`work->nsui_busy = true;`
`1525`	`1525`	`list_add_tail(&work->nsui_list, &nn->nfsd_ssc_mount_list);`