scsi: target: Replace deprecated strncpy() with strscpy()

strncpy() is deprecated for NUL-terminated destination buffers; use
strscpy() instead. The destination buffer db_root is only used with "%s"
format strings and must therefore be NUL-terminated, but not NUL-padded.

Use scnprintf() because snprintf() could return a value >= DB_ROOT_LEN
and lead to an out-of-bounds access. This doesn't happen because count
is explicitly checked against DB_ROOT_LEN before. However, scnprintf()
always returns the number of characters actually written to the string
buffer, which is always within the bounds of db_root_stage, and should
be preferred over snprintf().

The size parameter of strscpy() is optional and since DB_ROOT_LEN is the
size of the destination buffer, it can be removed. Remove it to simplify
the code.

Compile-tested only.

Link: KSPP/linux#90
Link: KSPP/linux#105
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Link: https://lore.kernel.org/r/20250302225641.245127-2-thorsten.blum@linux.dev
Reviewed-by: Kees Cook <kees@kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Author: toblux

drivers/target/target_core_configfs.c

@@ -123,7 +123,7 @@ static ssize_t target_core_item_dbroot_store(struct config_item *item,
 		goto unlock;
 	}
 
-	read_bytes = snprintf(db_root_stage, DB_ROOT_LEN, "%s", page);
+	read_bytes = scnprintf(db_root_stage, DB_ROOT_LEN, "%s", page);
 	if (!read_bytes)
 		goto unlock;
 
@@ -143,7 +143,7 @@ static ssize_t target_core_item_dbroot_store(struct config_item *item,
 	}
 	filp_close(fp, NULL);
 
-	strncpy(db_root, db_root_stage, read_bytes);
+	strscpy(db_root, db_root_stage);
 	pr_debug("Target_Core_ConfigFS: db_root set to %s\n", db_root);
 
 	r = read_bytes;
@@ -3664,7 +3664,7 @@ static void target_init_dbroot(void)
 	}
 	filp_close(fp, NULL);
 
-	strncpy(db_root, db_root_stage, DB_ROOT_LEN);
+	strscpy(db_root, db_root_stage);
 	pr_debug("Target_Core_ConfigFS: db_root set to %s\n", db_root);
 }