This is a note to let you know that I've just added the patch titled
NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
nfsd-cap-the-number-of-bytes-copied-by-nfs4_reset_re.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 5bbb4cd3e7dec786242b7cf9e9d2bda3c2aab410
Author: Chuck Lever <chuck.lever@xxxxxxxxxx>
Date: Thu Oct 17 11:03:56 2024 -0400
NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
[ Upstream commit f64ea4af43161bb86ffc77e6aeb5bcf5c3229df0 ]
It's only current caller already length-checks the string, but let's
be safe.
Fixes: 0964a3d3f1aa ("[PATCH] knfsd: nfsd4 reboot dirname fix")
Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 2cc543f6c410f..71e7bd23d5c45 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -658,7 +658,8 @@ nfs4_reset_recoverydir(char *recdir)
return status;
status = -ENOTDIR;
if (d_is_dir(path.dentry)) {
- strcpy(user_recovery_dirname, recdir);
+ strscpy(user_recovery_dirname, recdir,
+ sizeof(user_recovery_dirname));
status = 0;
}
path_put(&path);
