On Mon, Apr 01, 2024 at 11:01:38PM +0000, Justin Stitt wrote: > +++ b/fs/xfs/xfs_ioctl.c > @@ -1755,10 +1755,8 @@ xfs_ioc_getlabel( > /* Paranoia */ > BUILD_BUG_ON(sizeof(sbp->sb_fname) > FSLABEL_MAX); > > - /* 1 larger than sb_fname, so this ensures a trailing NUL char */ > - memset(label, 0, sizeof(label)); > spin_lock(&mp->m_sb_lock); > - strncpy(label, sbp->sb_fname, XFSLABEL_MAX); > + strscpy_pad(label, sbp->sb_fname); The change looks fine, but the 1 larger information is useful and should be kept. Maybe move it up to where the label variable s defined? > spin_unlock(&mp->m_sb_lock); > > if (copy_to_user(user_label, label, sizeof(label))) > diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c > index 364104e1b38a..b9256988830f 100644 > --- a/fs/xfs/xfs_xattr.c > +++ b/fs/xfs/xfs_xattr.c > @@ -220,11 +220,7 @@ __xfs_xattr_put_listent( > return; > } > offset = context->buffer + context->count; > - memcpy(offset, prefix, prefix_len); > - offset += prefix_len; > - strncpy(offset, (char *)name, namelen); /* real name */ > - offset += namelen; > - *offset = '\0'; > + scnprintf(offset, prefix_len + namelen + 1, "%s%s", prefix, name); If we're using scnprintf we should probably also check that it doesn't get truncated while we're at it. Also please split the label and ioctl and the xatte changes as they aren't related at all.
