mdadm/0160-mdadm-sysfs.c-fix-coverity-issues.patch

57 lines
1.7 KiB
Diff
Raw Normal View History

From 18eaf6c5206a37ad059c930d1ee2dbc9b7297513 Mon Sep 17 00:00:00 2001
From: Nigel Croxon <ncroxon@redhat.com>
Date: Thu, 18 Jul 2024 13:05:57 -0400
Subject: [PATCH 160/201] mdadm: sysfs.c fix coverity issues
Fixing the following coding errors the coverity tools found:
* Event fixed_size_dest: You might overrun the 32-character
fixed-size string "mdi->sys_name" by copying "devnm" without
checking the length
* Event fixed_size_dest: You might overrun the 50-character
fixed-size string "sra->text_version" by copying "buf + 9"
without checking the length.
* Event string_overflow: You might overrun the 32-character
destination string "dev->sys_name" by writing 256 characters
from "de->d_name".
Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
---
sysfs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sysfs.c b/sysfs.c
index 20fe1e9e..b3c8b10d 100644
--- a/sysfs.c
+++ b/sysfs.c
@@ -139,7 +139,7 @@ int sysfs_init(struct mdinfo *mdi, int fd, char *devnm)
goto out;
if (!S_ISDIR(stb.st_mode))
goto out;
- strcpy(mdi->sys_name, devnm);
+ strncpy(mdi->sys_name, devnm, sizeof(mdi->sys_name) - 1);
retval = 0;
out:
@@ -179,6 +179,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options)
sra->array.major_version = -1;
sra->array.minor_version = -2;
strcpy(sra->text_version, buf+9);
+ sra->text_version[sizeof(sra->text_version) - 1] = '\0';
} else {
sscanf(buf, "%d.%d",
&sra->array.major_version,
@@ -340,6 +341,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options)
}
strcpy(dev->sys_name, de->d_name);
+ dev->sys_name[sizeof(dev->sys_name) - 1] = '\0';
dev->disk.raid_disk = strtoul(buf, &ep, 10);
if (*ep) dev->disk.raid_disk = -1;
--
2.41.0