librbd: block name prefix might overflow fixed size C-string

author Jason Dillaman <dillaman@redhat.com>

Tue, 20 Sep 2016 11:25:36 +0000 (07:25 -0400)

committer Loic Dachary <ldachary@redhat.com>

Thu, 13 Oct 2016 08:26:47 +0000 (10:26 +0200)
author Jason Dillaman <dillaman@redhat.com>
Tue, 20 Sep 2016 11:25:36 +0000 (07:25 -0400)
committer Loic Dachary <ldachary@redhat.com>
Thu, 13 Oct 2016 08:26:47 +0000 (10:26 +0200)
diff --git a/src/librbd/internal.cc b/src/librbd/internal.cc

index a999f6f79b0d178018e9d8f50e5f6cdea0b7a243..de75c1859ef55c207982c6119bbac4bf2947b5de 100644 (file)
--- a/src/librbd/internal.cc
+++ b/src/librbd/internal.cc
@@ -469,9 +469,10 @@ int mirror_image_disable_internal(ImageCtx *ictx, bool force,
      info.obj_size = 1ULL << obj_order;
      info.num_objs = Striper::get_num_objects(ictx->layout, info.size);
      info.order = obj_order;
-    memcpy(&info.block_name_prefix, ictx->object_prefix.c_str(),
-          min((size_t)RBD_MAX_BLOCK_NAME_SIZE,
-              ictx->object_prefix.length() + 1));
+    strncpy(info.block_name_prefix, ictx->object_prefix.c_str(),
+            RBD_MAX_BLOCK_NAME_SIZE);
+    info.block_name_prefix[RBD_MAX_BLOCK_NAME_SIZE - 1] = '\0';
+
      // clear deprecated fields
      info.parent_pool = -1L;
      info.parent_name[0] = '\0';
author	Jason Dillaman <dillaman@redhat.com>
	Tue, 20 Sep 2016 11:25:36 +0000 (07:25 -0400)
committer	Loic Dachary <ldachary@redhat.com>
	Thu, 13 Oct 2016 08:26:47 +0000 (10:26 +0200)