osd/ClassHandler.cc: fix STRING_OVERFLOW

CID 1058792 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
 fixed_size_dest: You might overrun the 4097 byte fixed-size string
 cname by copying &pde->d_name[8UL] - 1 without checking the length.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>

diff --git a/src/osd/ClassHandler.cc b/src/osd/ClassHandler.cc
index 6c1f20dbaa3a232a498083e0b905fe52057ae6a2..c52177b7e169038528b98c6c3843a7a75b4b2dee 100644 (file)
--- a/src/osd/ClassHandler.cc
+++ b/src/osd/ClassHandler.cc
@@ -56,7 +56,7 @@ int ClassHandler::open_all_classes()
        strncmp(pde->d_name, CLS_PREFIX, sizeof(CLS_PREFIX) - 1) == 0 &&
        strcmp(pde->d_name + strlen(pde->d_name) - (sizeof(CLS_SUFFIX) - 1), CLS_SUFFIX) == 0) {
       char cname[PATH_MAX + 1];
-      strcpy(cname, pde->d_name + sizeof(CLS_PREFIX) - 1);
+      strncpy(cname, pde->d_name + sizeof(CLS_PREFIX) - 1, sizeof(cname) -1);
       cname[strlen(cname) - (sizeof(CLS_SUFFIX) - 1)] = '\0';
       dout(10) << __func__ << " found " << cname << dendl;
       ClassData *cls;