From: Hyunchul Lee hyc.lee@gmail.com
mainline inclusion from mainline-5.15-rc1 commit 1d904eaf3f99565bdeffbed359e44dd88efbef02 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/1d904eaf3f99
-------------------------------
Kernel test bot reports the following warnings:
In function 'ndr_write_string', inlined from 'ndr_encode_dos_attr' at fs/ksmbd/ndr.c:136:3:
fs/ksmbd/ndr.c:70:2: warning: 'strncpy' destination unchanged after
copying no bytes [-Wstringop-truncation] 70 | strncpy(PAYLOAD_HEAD(n), value, sz); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function 'ndr_write_string', inlined from 'ndr_encode_dos_attr' at fs/ksmbd/ndr.c:134:3:
fs/ksmbd/ndr.c:70:2: warning: 'strncpy' output truncated before
terminating nul copying as many bytes from a string as its length [-Wstringop-truncation] 70 | strncpy(PAYLOAD_HEAD(n), value, sz); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ksmbd/ndr.c: In function 'ndr_encode_dos_attr': fs/ksmbd/ndr.c:134:3: note: length computed here 134 | ndr_write_string(n, hex_attr, strlen(hex_attr)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reported-by: kernel test robot lkp@intel.com Signed-off-by: Hyunchul Lee hyc.lee@gmail.com Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/ksmbd/ndr.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/fs/ksmbd/ndr.c b/fs/ksmbd/ndr.c index bcf13a2aa9d4..50872377608d 100644 --- a/fs/ksmbd/ndr.c +++ b/fs/ksmbd/ndr.c @@ -65,13 +65,15 @@ static int ndr_write_bytes(struct ndr *n, void *value, size_t sz) return 0; }
-static int ndr_write_string(struct ndr *n, void *value, size_t sz) +static int ndr_write_string(struct ndr *n, char *value) { + size_t sz; + + sz = strlen(value) + 1; if (n->length <= n->offset + sz) try_to_realloc_ndr_blob(n, sz);
- strncpy(ndr_get_field(n), value, sz); - sz++; + memcpy(ndr_get_field(n), value, sz); n->offset += sz; n->offset = ALIGN(n->offset, 2); return 0; @@ -134,9 +136,9 @@ int ndr_encode_dos_attr(struct ndr *n, struct xattr_dos_attrib *da)
if (da->version == 3) { snprintf(hex_attr, 10, "0x%x", da->attr); - ndr_write_string(n, hex_attr, strlen(hex_attr)); + ndr_write_string(n, hex_attr); } else { - ndr_write_string(n, "", strlen("")); + ndr_write_string(n, ""); } ndr_write_int16(n, da->version); ndr_write_int32(n, da->version);