[PATCH 1/8] libhandle: Guard against string overflow in path_to_fspath()
Eric Sandeen
sandeen at redhat.com
Sat Jan 26 16:40:25 CST 2013
path_to_fspath does a blind strcpy into an array of
MAXPATHLEN; we should be sure to limit this so that it
does not go over the size of the array.
I don't think I see a way to get here today with a too-long
path, but I don't think it'll hurt to be defensive.
Signed-off-by: Eric Sandeen <sandeen at redhat.com>
---
libhandle/handle.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/libhandle/handle.c b/libhandle/handle.c
index b1ec5f2..9a232fa 100644
--- a/libhandle/handle.c
+++ b/libhandle/handle.c
@@ -158,7 +158,8 @@ path_to_fspath(char *path)
if (S_ISREG(statbuf.st_mode) || S_ISDIR(statbuf.st_mode))
return path;
- strcpy(dirpath, path);
+ strncpy(dirpath, path, MAXPATHLEN);
+ dirpath[MAXPATHLEN-1] = '\0';
return dirname(dirpath);
}
--
1.7.1
More information about the xfs
mailing list