[dm-devel] [PATCH v2 15/30] libmultipath: Fix buffer overflow in parse_vpd_pg80()

Mon Jun 24 09:27:41 UTC 2019

We set out[len] = '\0' later, thus we should set len to no more then
out_len - 1.

Fixes: 756ef73b7197 "Separate out vpd parsing functions"
Signed-off-by: Martin Wilck <mwilck at suse.com>
---
 libmultipath/discovery.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
index f360e306..89c4d2ad 100644
--- a/libmultipath/discovery.c
+++ b/libmultipath/discovery.c
@@ -913,7 +913,7 @@ parse_vpd_pg80(const unsigned char *in, char *out, size_t out_len)
 	if (len >= out_len) {
 		condlog(2, "vpd pg80 overflow, %d/%d bytes required",
 			len, (int)out_len);
-		len = out_len;
+		len = out_len - 1;
 	}
 	if (len > 0) {
 		memcpy(out, in + 4, len);
-- 
2.21.0


