From 18eaf6c5206a37ad059c930d1ee2dbc9b7297513 Mon Sep 17 00:00:00 2001 From: Nigel Croxon Date: Thu, 18 Jul 2024 13:05:57 -0400 Subject: [PATCH 160/201] mdadm: sysfs.c fix coverity issues Fixing the following coding errors the coverity tools found: * Event fixed_size_dest: You might overrun the 32-character fixed-size string "mdi->sys_name" by copying "devnm" without checking the length * Event fixed_size_dest: You might overrun the 50-character fixed-size string "sra->text_version" by copying "buf + 9" without checking the length. * Event string_overflow: You might overrun the 32-character destination string "dev->sys_name" by writing 256 characters from "de->d_name". Signed-off-by: Nigel Croxon --- sysfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sysfs.c b/sysfs.c index 20fe1e9e..b3c8b10d 100644 --- a/sysfs.c +++ b/sysfs.c @@ -139,7 +139,7 @@ int sysfs_init(struct mdinfo *mdi, int fd, char *devnm) goto out; if (!S_ISDIR(stb.st_mode)) goto out; - strcpy(mdi->sys_name, devnm); + strncpy(mdi->sys_name, devnm, sizeof(mdi->sys_name) - 1); retval = 0; out: @@ -179,6 +179,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options) sra->array.major_version = -1; sra->array.minor_version = -2; strcpy(sra->text_version, buf+9); + sra->text_version[sizeof(sra->text_version) - 1] = '\0'; } else { sscanf(buf, "%d.%d", &sra->array.major_version, @@ -340,6 +341,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options) } strcpy(dev->sys_name, de->d_name); + dev->sys_name[sizeof(dev->sys_name) - 1] = '\0'; dev->disk.raid_disk = strtoul(buf, &ep, 10); if (*ep) dev->disk.raid_disk = -1; -- 2.41.0