[dm-devel] [PATCH 15/30] libmultipath: Fix buffer overflow in parse_vpd_pg80()
Martin Wilck
mwilck at suse.com
Fri Jun 7 13:05:37 UTC 2019
We set out[len] = '\0' later, thus we should set len to no more then
out_len - 1.
Fixes: 756ef73b7197 "Separate out vpd parsing functions"
Signed-off-by: Martin Wilck <mwilck at suse.com>
---
libmultipath/discovery.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
index f360e306..89c4d2ad 100644
--- a/libmultipath/discovery.c
+++ b/libmultipath/discovery.c
@@ -913,7 +913,7 @@ parse_vpd_pg80(const unsigned char *in, char *out, size_t out_len)
if (len >= out_len) {
condlog(2, "vpd pg80 overflow, %d/%d bytes required",
len, (int)out_len);
- len = out_len;
+ len = out_len - 1;
}
if (len > 0) {
memcpy(out, in + 4, len);
--
2.21.0
More information about the dm-devel
mailing list