From: Jason Dillaman <dillaman@redhat.com>
Date: Tue, 20 Sep 2016 11:25:36 +0000 (-0400)
Subject: librbd: block name prefix might overflow fixed size C-string
X-Git-Tag: v10.2.4~29^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b73356b500f9ff364c09e6d78e62fc0e79fbfbac;p=ceph.git

librbd: block name prefix might overflow fixed size C-string

The issue which resulted in too large v2 image ids was fixed
under #16887.

Fixes: http://tracker.ceph.com/issues/17310
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
(cherry picked from commit 61734d266c6ee476c2f5fcfbbaefc7d0c7939617)
---

diff --git a/src/librbd/internal.cc b/src/librbd/internal.cc
index a999f6f79b0d..de75c1859ef5 100644
--- a/src/librbd/internal.cc
+++ b/src/librbd/internal.cc
@@ -469,9 +469,10 @@ int mirror_image_disable_internal(ImageCtx *ictx, bool force,
     info.obj_size = 1ULL << obj_order;
     info.num_objs = Striper::get_num_objects(ictx->layout, info.size);
     info.order = obj_order;
-    memcpy(&info.block_name_prefix, ictx->object_prefix.c_str(),
-	   min((size_t)RBD_MAX_BLOCK_NAME_SIZE,
-	       ictx->object_prefix.length() + 1));
+    strncpy(info.block_name_prefix, ictx->object_prefix.c_str(),
+            RBD_MAX_BLOCK_NAME_SIZE);
+    info.block_name_prefix[RBD_MAX_BLOCK_NAME_SIZE - 1] = '\0';
+
     // clear deprecated fields
     info.parent_pool = -1L;
     info.parent_name[0] = '\0';