From ae6d2ebd2398d573d26602d58b645cf484af72d4 Mon Sep 17 00:00:00 2001
From: "Adam C. Emerson"
Date: Tue, 8 May 2018 16:42:56 -0400
Subject: [PATCH] blkdev: Check return of snprintf and error on truncation

Signed-off-by: Adam C. Emerson
(cherry picked from commit 1683aed5395fb2c195a25715a3dedb83db871fc1)
---
 src/common/blkdev.cc | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/common/blkdev.cc b/src/common/blkdev.cc
index 2e32b9dc969ab..0cd5bafd2acfc 100644
--- a/src/common/blkdev.cc
+++ b/src/common/blkdev.cc
@@ -89,7 +89,10 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
 if (*p == '/') *p = '!';
- snprintf(fn, sizeof(fn), "%s/sys/block/%s", sandbox_dir, devname);
+ if (static_cast(snprintf(fn, sizeof(fn), "%s/sys/block/%s",
+ sandbox_dir, devname))
+ >= sizeof(fn))
+ return -ERANGE;
 if (stat(fn, &st) == 0) {
 if (strlen(devname) + 1 > out_len) {
 return -ERANGE;
@@ -107,8 +110,10 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
 while ((de = ::readdir(dir))) {
 if (de->d_name[0] == '.') continue;
- snprintf(fn, sizeof(fn), "%s/sys/block/%s/%s", sandbox_dir, de->d_name,
- devname);
+ if (static_cast(snprintf(fn, sizeof(fn), "%s/sys/block/%s/%s",
+ sandbox_dir, de->d_name,
+ devname)) >= sizeof(fn))
+ return -ERANGE;
 if (stat(fn, &st) == 0) {
 // match!
--
2.39.5
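Review bot: The truncation check added before the first `stat(fn, &st)` relies on an undocumented subtlety: snprintf() returns a negative value on an output error, and only the cast to an unsigned type makes that compare `>= sizeof(fn)`. The cast's target type is not legible on this page; the comparison against `sizeof` suggests `size_t`. I would add a comment above the check, `// a negative snprintf() result wraps to a huge unsigned value, so output errors are rejected here too (as -ERANGE)`, so nobody later "simplifies" the cast away and lets a failed format reach stat(). The identical expression appears again in the readdir loop of the second hunk and deserves the same comment. The function body starts and ends outside the hunk.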
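Review bot: The new `return -ERANGE;` inside the `while ((de = ::readdir(dir)))` loop leaves the function while the directory stream `dir` is still open. Where `dir` is opened and closed lies outside this hunk, so this is inferred. If the stream is released by a closedir() after the loop, the early return skips it and leaks the stream and its file descriptor each time the path does not fit in `fn`. Release it on this path, `{ ::closedir(dir); return -ERANGE; }`, or route the error through the function's existing cleanup code if it has one.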