Squashfs: remove deprecated strncpy by not copying the string

Squashfs copied the passed string (name) into a temporary buffer to ensure it was NUL-terminated. This however is completely unnecessary as the string is already NUL-terminated. So remove the deprecated strncpy() by completely removing the string copy. The background behind this unnecessary string copy is that it dates back to the days when Squashfs was an out of kernel patch. The code deliberately did not assume the string was NUL-terminated in case in future this changed (due to kernel changes). This would mean the out of tree patches would be broken but still compile OK. Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Phillip Lougher <[email protected]> Reviewed-by: Kees Cook <[email protected]> Reviewed-by: Justin Stitt <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
torvalds · Apr 26, 2024 · 040bf9a · 040bf9a
1 parent 029c45b
commit 040bf9a
Showing 1 changed file with 4 additions and 10 deletions.
diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c
@@ -62,27 +62,21 @@
  */
 static int get_dir_index_using_name(struct super_block *sb,
  u64 *next_block, int *next_offset, u64 index_start,
- int index_offset, int i_count, const char *name,
- int len)
+ int index_offset, int i_count, const char *name)
 {
  struct squashfs_sb_info *msblk = sb->s_fs_info;
  int i, length = 0, err;
  unsigned int size;
  struct squashfs_dir_index *index;
- char *str;
 
  TRACE("Entered get_dir_index_using_name, i_count %d\n", i_count);
 
- index = kmalloc(sizeof(*index) + SQUASHFS_NAME_LEN * 2 + 2, GFP_KERNEL);
+ index = kmalloc(sizeof(*index) + SQUASHFS_NAME_LEN + 1, GFP_KERNEL);
  if (index == NULL) {
  ERROR("Failed to allocate squashfs_dir_index\n");
  goto out;
  }
 
- str = &index->name[SQUASHFS_NAME_LEN + 1];
- strncpy(str, name, len);
- str[len] = '\0';
-
  for (i = 0; i < i_count; i++) {
  err = squashfs_read_metadata(sb, index, &index_start,
  &index_offset, sizeof(*index));
@@ -101,7 +95,7 @@ static int get_dir_index_using_name(struct super_block *sb,
 
  index->name[size] = '\0';
 
- if (strcmp(index->name, str) > 0)
+ if (strcmp(index->name, name) > 0)
  break;
 
  length = le32_to_cpu(index->index);
@@ -153,7 +147,7 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
  length = get_dir_index_using_name(dir->i_sb, &block, &offset,
  squashfs_i(dir)->dir_idx_start,
  squashfs_i(dir)->dir_idx_offset,
- squashfs_i(dir)->dir_idx_cnt, name, len);
+ squashfs_i(dir)->dir_idx_cnt, name);
 
  while (length < i_size_read(dir)) {
  /*