From 54e345b5c2339dee170595f686dbd26937620262 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Fri, 20 Apr 2012 21:27:25 +0200
Subject: avoid several strncpy-induced buffer overruns

* restore.c (main): Ensure strncpy-copied dir_name is NUL-terminated.
* btrfsctl.c (main): Likewise, for a command-line argument.
* utils.c (multiple functions): Likewise.
* btrfs-list.c (add_root): Likewise.
* btrfslabel.c (change_label_unmounted): Likewise.
* cmds-device.c (cmd_add_dev, cmd_rm_dev, cmd_scan_dev): Likewise.
* cmds-filesystem.c (cmd_resize): Likewise.
* cmds-subvolume.c (cmd_subvol_create, cmd_subvol_delete, cmd_snapshot):
Likewise.

Reviewed-by: Josef Bacik <josef@redhat.com>
---
 restore.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'restore.c')

diff --git a/restore.c b/restore.c
index 26748324..d1ac5420 100644
--- a/restore.c
+++ b/restore.c
@@ -846,7 +846,8 @@ int main(int argc, char **argv)
 
 	memset(path_name, 0, 4096);
 
-	strncpy(dir_name, argv[optind + 1], 128);
+	strncpy(dir_name, argv[optind + 1], sizeof dir_name);
+	dir_name[sizeof dir_name - 1] = 0;
 
 	/* Strip the trailing / on the dir name */
 	len = strlen(dir_name);
-- 
cgit v1.2.3