blkdev.cc: fix STRING_OVERFLOW

Fix for:

CID 1258439 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
 2. fixed_size_dest: You might overrun the 4096 byte fixed-size
    string devname by copying dev + 5 without checking the length.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>

diff --git a/src/common/blkdev.cc b/src/common/blkdev.cc
index 70dde42010fbbda53a4f157dda1831272693fd19..9bce8031578418bd7219e9b8e8fad55e891e3ad5 100644 (file)
--- a/src/common/blkdev.cc
+++ b/src/common/blkdev.cc
@@ -57,7 +57,8 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
   if (strncmp(dev, "/dev/", 5) != 0)
     return -EINVAL;
 
-  strcpy(devname, dev + 5);
+  strncpy(devname, dev + 5, PATH_MAX-1);
+  devname[PATH_MAX-1] = '\0';
   for (p = devname; *p; ++p)
     if (*p == '/')
       *p = '!';