BtrfsFileStoreBackend.cc: fix string overflow

author Danny Al-Gaaf <danny.al-gaaf@bisect.de>

Wed, 1 Oct 2014 21:08:15 +0000 (23:08 +0200)

committer Danny Al-Gaaf <danny.al-gaaf@bisect.de>

Wed, 1 Oct 2014 21:08:15 +0000 (23:08 +0200)
author Danny Al-Gaaf <danny.al-gaaf@bisect.de>
Wed, 1 Oct 2014 21:08:15 +0000 (23:08 +0200)
committer Danny Al-Gaaf <danny.al-gaaf@bisect.de>
Wed, 1 Oct 2014 21:08:15 +0000 (23:08 +0200)
diff --git a/src/os/BtrfsFileStoreBackend.cc b/src/os/BtrfsFileStoreBackend.cc

index 356084b9daa535f6528dc7ead2c9eb00425681d6..8c2273344a499689328095a7fe9fcdbfa4df57ac 100644 (file)
--- a/src/os/BtrfsFileStoreBackend.cc
+++ b/src/os/BtrfsFileStoreBackend.cc
@@ -375,7 +375,10 @@ int BtrfsFileStoreBackend::create_checkpoint(const string& name, uint64_t *trans
      memset(&async_args, 0, sizeof(async_args));
      async_args.fd = get_current_fd();
      async_args.flags = BTRFS_SUBVOL_CREATE_ASYNC;
-    strncpy(async_args.name, name.c_str(), sizeof(async_args.name));
+
+    size_t name_size = sizeof(async_args.name);
+    strncpy(async_args.name, name.c_str(), name_size);
+    async_args.name[name_size-1] = '\0';
  
      int r = ::ioctl(get_basedir_fd(), BTRFS_IOC_SNAP_CREATE_V2, &async_args);
      if (r < 0) {
@@ -389,7 +392,10 @@ int BtrfsFileStoreBackend::create_checkpoint(const string& name, uint64_t *trans
      struct btrfs_ioctl_vol_args vol_args;
      memset(&vol_args, 0, sizeof(vol_args));
      vol_args.fd = get_current_fd();
-    strcpy(vol_args.name, name.c_str());
+
+    size_t name_size = sizeof(vol_args.name);
+    strncpy(vol_args.name, name.c_str(), name_size);
+    vol_args.name[name_size-1] = '\0';
  
      int r = ::ioctl(get_basedir_fd(), BTRFS_IOC_SNAP_CREATE, &vol_args);
      if (r < 0) {
author	Danny Al-Gaaf <danny.al-gaaf@bisect.de>
	Wed, 1 Oct 2014 21:08:15 +0000 (23:08 +0200)
committer	Danny Al-Gaaf <danny.al-gaaf@bisect.de>
	Wed, 1 Oct 2014 21:08:15 +0000 (23:08 +0200)