From: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
Date: Fri, 13 Mar 2015 12:50:04 +0000 (+0100)
Subject: blkdev.cc: fix STRING_OVERFLOW
X-Git-Tag: v9.0.0~95^2~5
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9a3a8a032e105f8682b32ebd6fa5a63e5ec5bb23;p=ceph.git

blkdev.cc: fix STRING_OVERFLOW

Fix for:

CID 1258439 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
 2. fixed_size_dest: You might overrun the 4096 byte fixed-size
    string devname by copying dev + 5 without checking the length.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
---

diff --git a/src/common/blkdev.cc b/src/common/blkdev.cc
index 70dde42010fb..9bce80315784 100644
--- a/src/common/blkdev.cc
+++ b/src/common/blkdev.cc
@@ -57,7 +57,8 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
   if (strncmp(dev, "/dev/", 5) != 0)
     return -EINVAL;
 
-  strcpy(devname, dev + 5);
+  strncpy(devname, dev + 5, PATH_MAX-1);
+  devname[PATH_MAX-1] = '\0';
   for (p = devname; *p; ++p)
     if (*p == '/')
       *p = '!';