blkdev.cc: fix STRING_OVERFLOW

Fix for: CID 1258439 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 2. fixed_size_dest: You might overrun the 4096 byte fixed-size string devname by copying dev + 5 without checking the length. Signed-off-by: Danny Al-Gaaf <[email protected]>
linuxbox2 · Mar 17, 2015 · 9a3a8a0 · 9a3a8a0
1 parent e221463
commit 9a3a8a0
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/common/blkdev.cc b/src/common/blkdev.cc
@@ -57,7 +57,8 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
   if (strncmp(dev, "/dev/", 5) != 0)
     return -EINVAL;
 
-  strcpy(devname, dev + 5);
+  strncpy(devname, dev + 5, PATH_MAX-1);
+  devname[PATH_MAX-1] = '\0';
   for (p = devname; *p; ++p)
     if (*p == '/')
       *p = '!';