| To: | xfs-oss <xfs@xxxxxxxxxxx> |
|---|---|
| Subject: | [PATCH] xfsprogs: properly terminate string in quota's restore_file() |
| From: | Eric Sandeen <sandeen@xxxxxxxxxx> |
| Date: | Tue, 25 Aug 2015 11:39:29 -0500 |
| Delivered-to: | xfs@xxxxxxxxxxx |
This code copies up to the entire size of devbuffer, and then
tries to use "strlen" to null terminate it.
But strlen works by *finding* the null, so it's at best a
no-op, and at worst not properly terminating the string.
Fix this by placing the null at the last byte of the buffer.
Addresses-Coverity-Id: 1297519
Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
---
diff --git a/quota/edit.c b/quota/edit.c
index d226e89..a53a7e6 100644
--- a/quota/edit.c
+++ b/quota/edit.c
@@ -385,7 +385,7 @@ restore_file(
while (fgets(buffer, sizeof(buffer), fp) != NULL) {
if (strncmp("fs = ", buffer, 5) == 0) {
dev = strncpy(devbuffer, buffer+5, sizeof(devbuffer));
- dev[strlen(dev) - 1] = '\0';
+ dev[sizeof(devbuffer) - 1] = '\0';
continue;
}
rtbsoft = rtbhard = 0;
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: hello, my xfs has a probelm. does anybody know this?thank you, Eric Sandeen |
|---|---|
| Next by Date: | Re: Cant mount xfs lvm. Experimental Features?, Marko Weber|8000 |
| Previous by Thread: | [PATCH] fstests: Add test of rename, Jan Kara |
| Next by Thread: | Re: [PATCH] xfsprogs: properly terminate string in quota's restore_file(), Brian Foster |
| Indexes: | [Date] [Thread] [Top] [All Lists] |