[dm-devel] [PATCH 07/30] libmpathcmd: use target length in strncpy() call
Benjamin Marzinski
bmarzins at redhat.com
Fri Jun 21 19:23:07 UTC 2019
On Fri, Jun 07, 2019 at 03:05:29PM +0200, Martin Wilck wrote:
Not a big deal since default socket is a defined string, but since we
are writing to &addr.sun_path[1], if DEFAULT_SOCKET were of size >=
"sizeof(addr.sun_path) - 1", the strncpy() would fill all of
addr.sun_path, without leaving any space for the the null byte at the
end. I assume you meant to change this to be strlcpy() instead of
leaving it as strncpy().
-Ben
> Signed-off-by: Martin Wilck <mwilck at suse.com>
> ---
> libmpathcmd/mpath_cmd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libmpathcmd/mpath_cmd.c b/libmpathcmd/mpath_cmd.c
> index b681311b..05b69316 100644
> --- a/libmpathcmd/mpath_cmd.c
> +++ b/libmpathcmd/mpath_cmd.c
> @@ -104,7 +104,7 @@ int __mpath_connect(int nonblocking)
> addr.sun_family = AF_LOCAL;
> addr.sun_path[0] = '\0';
> len = strlen(DEFAULT_SOCKET) + 1 + sizeof(sa_family_t);
> - strncpy(&addr.sun_path[1], DEFAULT_SOCKET, len);
> + strncpy(&addr.sun_path[1], DEFAULT_SOCKET, sizeof(addr.sun_path) - 1);
>
> fd = socket(AF_LOCAL, SOCK_STREAM, 0);
> if (fd == -1)
> --
> 2.21.0
More information about the dm-devel
mailing list