Overview

File 0060-mdadm-fix-a-buffer-overflow.patch of Package mdadm.7129

From 474267015b492308d5f410e3568c6cb3d370c688 Mon Sep 17 00:00:00 2001
From: Song Liu <songliubraving@fb.com>
Date: Thu, 8 Sep 2016 11:21:07 -0700
Subject: [PATCH 305/359] mdadm: fix a buffer overflow
References: bsc#1007154 

struct mdp_superblock_1.set_name is 32B long, but struct mdinfo.name
is 33B long. So we need strncpy instead strcpy to avoid buffer
overflow.

Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Coly Li <colyli@suse.de>

---
 super1.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/super1.c b/super1.c
index f3e4023..9f62d23 100644
--- a/super1.c
+++ b/super1.c
@@ -1294,7 +1294,7 @@ static int update_super1(struct supertype *st, struct mdinfo *info,
 			strcat(sb->set_name, ":");
 			strcat(sb->set_name, info->name);
 		} else
-			strcpy(sb->set_name, info->name);
+			strncpy(sb->set_name, info->name, sizeof(sb->set_name));
 	} else if (strcmp(update, "devicesize") == 0 &&
 	    __le64_to_cpu(sb->super_offset) <
 	    __le64_to_cpu(sb->data_offset)) {
@@ -1444,7 +1444,7 @@ static int init_super1(struct supertype *st, mdu_array_info_t *info,
 		strcat(sb->set_name, ":");
 		strcat(sb->set_name, name);
 	} else
-		strcpy(sb->set_name, name);
+		strncpy(sb->set_name, name, sizeof(sb->set_name));
 
 	sb->ctime = __cpu_to_le64((unsigned long long)time(0));
 	sb->level = __cpu_to_le32(info->level);
-- 
2.16.1
openSUSE Build Service is sponsored by
Places