diff options
author | Jim Meyering <meyering@redhat.com> | 2012-04-20 21:27:25 +0200 |
---|---|---|
committer | Hugo Mills <hugo@carfax.org.uk> | 2012-06-05 19:56:20 +0100 |
commit | 54e345b5c2339dee170595f686dbd26937620262 (patch) | |
tree | b1b5c2267023e9d117906d979a042536c17b0d31 /utils.c | |
parent | 47f029cc8bcf5a03ef6ee939fcb64007aafa50c4 (diff) |
avoid several strncpy-induced buffer overruns
* restore.c (main): Ensure strncpy-copied dir_name is NUL-terminated.
* btrfsctl.c (main): Likewise, for a command-line argument.
* utils.c (multiple functions): Likewise.
* btrfs-list.c (add_root): Likewise.
* btrfslabel.c (change_label_unmounted): Likewise.
* cmds-device.c (cmd_add_dev, cmd_rm_dev, cmd_scan_dev): Likewise.
* cmds-filesystem.c (cmd_resize): Likewise.
* cmds-subvolume.c (cmd_subvol_create, cmd_subvol_delete, cmd_snapshot):
Likewise.
Reviewed-by: Josef Bacik <josef@redhat.com>
Diffstat (limited to 'utils.c')
-rw-r--r-- | utils.c | 13 |
1 files changed, 10 insertions, 3 deletions
@@ -657,9 +657,11 @@ int resolve_loop_device(const char* loop_dev, char* loop_file, int max_len) ret_ioctl = ioctl(loop_fd, LOOP_GET_STATUS, &loopinfo); close(loop_fd); - if (ret_ioctl == 0) + if (ret_ioctl == 0) { strncpy(loop_file, loopinfo.lo_name, max_len); - else + if (max_len > 0) + loop_file[max_len-1] = 0; + } else return -errno; return 0; @@ -860,8 +862,10 @@ int check_mounted_where(int fd, const char *file, char *where, int size, } /* Did we find an entry in mnt table? */ - if (mnt && size && where) + if (mnt && size && where) { strncpy(where, mnt->mnt_dir, size); + where[size-1] = 0; + } if (fs_dev_ret) *fs_dev_ret = fs_devices_mnt; @@ -893,6 +897,8 @@ int get_mountpt(char *dev, char *mntpt, size_t size) if (strcmp(dev, mnt->mnt_fsname) == 0) { strncpy(mntpt, mnt->mnt_dir, size); + if (size) + mntpt[size-1] = 0; break; } } @@ -925,6 +931,7 @@ void btrfs_register_one_device(char *fname) return; } strncpy(args.name, fname, BTRFS_PATH_NAME_MAX); + args.name[BTRFS_PATH_NAME_MAX-1] = 0; ret = ioctl(fd, BTRFS_IOC_SCAN_DEV, &args); e = errno; if(ret<0){ |