From: Thorsten Blum Date: Wed, 6 Aug 2025 01:10:01 +0000 (+0200) Subject: NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=ab1c282c010c4f327bd7addc3c0035fd8e3c1721;p=users%2Fhch%2Fmisc.git NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Commit 5304877936c0 ("NFSD: Fix strncpy() fortify warning") replaced strncpy(,, sizeof(..)) with strlcpy(,, sizeof(..) - 1), but strlcpy() already guaranteed NUL-termination of the destination buffer and subtracting one byte potentially truncated the source string. The incorrect size was then carried over in commit 72f78ae00a8e ("NFSD: move from strlcpy with unused retval to strscpy") when switching from strlcpy() to strscpy(). Fix this off-by-one error by using the full size of the destination buffer again. Cc: stable@vger.kernel.org Fixes: 5304877936c0 ("NFSD: Fix strncpy() fortify warning") Signed-off-by: Thorsten Blum Signed-off-by: Chuck Lever --- diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index bfebe6e25638..d7c58aa64f06 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1519,7 +1519,7 @@ try_again: return 0; } if (work) { - strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr) - 1); + strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr)); refcount_set(&work->nsui_refcnt, 2); work->nsui_busy = true; list_add_tail(&work->nsui_list, &nn->nfsd_ssc_mount_list);