From cac15c7d8b99037733fcdc237c419b78f9b6b83e Mon Sep 17 00:00:00 2001
From: John Spray <john.spray@inktank.com>
Date: Tue, 22 Apr 2014 16:31:27 +0100
Subject: [PATCH] mds: make strncpy in ::respawn safer

Previous code assumed null terminated argv[0]
was not longer than PATH_MAX and the resulting
strncpy was not strictly safe.

Modify the bounds to ensure that copy will not
result in an unterminated string if argv[0]
is oversized.

Signed-off-by: John Spray <john.spray@inktank.com>
---
 src/mds/MDS.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc
index e717dd7f762b9..1d9015a22eb61 100644
--- a/src/mds/MDS.cc
+++ b/src/mds/MDS.cc
@@ -1711,7 +1711,7 @@ void MDS::respawn()
     dout(1) << " cwd " << cwd << dendl;
 
     /* Fall back to a best-effort: just running in our CWD */
-    strncpy(exe_path, orig_argv[0], sizeof(exe_path));
+    strncpy(exe_path, orig_argv[0], sizeof(exe_path) - 1);
   }
 
   dout(1) << " exe_path " << exe_path << dendl;
-- 
2.39.5