From 899ba61fa695ae8e58599da25d174afa392fd552 Mon Sep 17 00:00:00 2001
From: Eric Sandeen <sandeen@redhat.com>
Date: Fri, 25 Jan 2013 13:27:48 -0600
Subject: btrfs-progs: fix overflows of ioctl name args

3 places where we copy pathnames into ioctl arguments
were not limited to the destination name size, and
could overflow.  Use the new strncpy_null() macro
to make this safe.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
 cmds-receive.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'cmds-receive.c')

diff --git a/cmds-receive.c b/cmds-receive.c
index e6291744..6688d0c8 100644
--- a/cmds-receive.c
+++ b/cmds-receive.c
@@ -43,6 +43,7 @@
 #include "ctree.h"
 #include "ioctl.h"
 #include "commands.h"
+#include "utils.h"
 #include "list.h"
 
 #include "send.h"
@@ -165,7 +166,7 @@ static int process_subvol(const char *path, const u8 *uuid, u64 ctransid,
 	}
 
 	memset(&args_v1, 0, sizeof(args_v1));
-	strcpy(args_v1.name, path);
+	strncpy_null(args_v1.name, path);
 	ret = ioctl(r->mnt_fd, BTRFS_IOC_SUBVOL_CREATE, &args_v1);
 	if (ret < 0) {
 		ret = -errno;
@@ -213,7 +214,7 @@ static int process_snapshot(const char *path, const u8 *uuid, u64 ctransid,
 	}
 
 	memset(&args_v2, 0, sizeof(args_v2));
-	strcpy(args_v2.name, path);
+	strncpy_null(args_v2.name, path);
 
 	r->parent_subvol = subvol_uuid_search(&r->sus, 0, parent_uuid,
 			parent_ctransid, NULL, subvol_search_by_received_uuid);
-- 
cgit v1.2.3