From f5ae56b57c528b8d120019274bbe616ce3fb2fa3 Mon Sep 17 00:00:00 2001
From: Danny Al-Gaaf
Date: Tue, 5 May 2015 14:38:04 +0200
Subject: [PATCH] osd/ClassHandler.cc: fix STRING_OVERFLOW
CID 1058792 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) fixed_size_dest: You might overrun the 4097 byte fixed-size string cname by copying &pde->d_name[8UL] - 1 without checking the length.
Signed-off-by: Danny Al-Gaaf
---
 src/osd/ClassHandler.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/osd/ClassHandler.cc b/src/osd/ClassHandler.cc
index 6c1f20dbaa3..c52177b7e16 100644
--- a/src/osd/ClassHandler.cc
+++ b/src/osd/ClassHandler.cc
@@ -56,7 +56,7 @@ int ClassHandler::open_all_classes()
 strncmp(pde->d_name, CLS_PREFIX, sizeof(CLS_PREFIX) - 1) == 0 &&
 strcmp(pde->d_name + strlen(pde->d_name) - (sizeof(CLS_SUFFIX) - 1), CLS_SUFFIX) == 0) {
 char cname[PATH_MAX + 1];
- strcpy(cname, pde->d_name + sizeof(CLS_PREFIX) - 1);
+ strncpy(cname, pde->d_name + sizeof(CLS_PREFIX) - 1, sizeof(cname) -1);
 cname[strlen(cname) - (sizeof(CLS_SUFFIX) - 1)] = '\0';
 dout(10) << __func__ << " found " << cname << dendl;
 ClassData *cls;
-- 2.47.3
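Review bot: The new `strncpy(cname, ..., sizeof(cname) -1)` bounds the copy but does not guarantee a terminator, and `cname` is declared uninitialised, so if the source ever fills all `sizeof(cname) - 1` bytes the `strlen(cname)` on the next line reads past the end of the array. Adding `cname[sizeof(cname) - 1] = '\0';` directly after the `strncpy` closes that gap, or the declaration could become `char cname[PATH_MAX + 1] = {0};`. In practice `d_name` is presumably far shorter than `PATH_MAX`, so this is hardening rather than a reachable overflow, but the terminator is what makes the bounded copy actually safe. A short comment such as `// strncpy does not terminate on truncation` would explain the extra line. The body of `open_all_classes()` starts and ends outside this hunk, so the length check that guards the suffix subtraction is not visible here.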