You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
mdadm/SOURCES/0119-mapfile.c-Fix-STRING_O...

41 lines
1.3 KiB

From 48c365376ce7763fd9a9e7735b1e9ec5d0ff1631 Mon Sep 17 00:00:00 2001
From: Anna Sztukowska <anna.sztukowska@intel.com>
Date: Wed, 3 Jul 2024 14:11:58 +0200
Subject: [PATCH 119/157] mapfile.c: Fix STRING_OVERFLOW issue
Fix STRING_OVERFLOW issue found by SAST analysis in map_add() and
map_update() in mapfile.c.
Signed-off-by: Anna Sztukowska <anna.sztukowska@intel.com>
---
mapfile.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mapfile.c b/mapfile.c
index f1f3ee2c..ea9837ac 100644
--- a/mapfile.c
+++ b/mapfile.c
@@ -165,8 +165,8 @@ void map_add(struct map_ent **melp,
{
struct map_ent *me = xmalloc(sizeof(*me));
- strcpy(me->devnm, devnm);
- strcpy(me->metadata, metadata);
+ snprintf(me->devnm, sizeof(me->devnm), "%s", devnm);
+ snprintf(me->metadata, sizeof(me->metadata), "%s", metadata);
memcpy(me->uuid, uuid, 16);
me->path = path ? xstrdup(path) : NULL;
me->next = *melp;
@@ -227,7 +227,7 @@ int map_update(struct map_ent **mpp, char *devnm, char *metadata,
for (mp = map ; mp ; mp=mp->next)
if (strcmp(mp->devnm, devnm) == 0) {
- strcpy(mp->metadata, metadata);
+ snprintf(mp->metadata, sizeof(mp->metadata), "%s", metadata);
memcpy(mp->uuid, uuid, 16);
free(mp->path);
mp->path = path ? xstrdup(path) : NULL;
--
2.41.0