mdadm/0160-mdadm-sysfs.c-fix-coverity-issues.patch

From 18eaf6c5206a37ad059c930d1ee2dbc9b7297513 Mon Sep 17 00:00:00 2001
From: Nigel Croxon <ncroxon@redhat.com>
Date: Thu, 18 Jul 2024 13:05:57 -0400
Subject: [PATCH 160/201] mdadm: sysfs.c fix coverity issues

Fixing the following coding errors the coverity tools found:

* Event fixed_size_dest: You might overrun the 32-character
fixed-size string "mdi->sys_name" by copying "devnm" without
checking the length

* Event fixed_size_dest: You might overrun the 50-character
fixed-size string "sra->text_version" by copying "buf + 9"
without checking the length.

* Event string_overflow: You might overrun the 32-character
destination string "dev->sys_name" by writing 256 characters
from "de->d_name".

Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
---
 sysfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sysfs.c b/sysfs.c
index 20fe1e9e..b3c8b10d 100644
--- a/sysfs.c
+++ b/sysfs.c
@@ -139,7 +139,7 @@ int sysfs_init(struct mdinfo *mdi, int fd, char *devnm)
 		goto out;
 	if (!S_ISDIR(stb.st_mode))
 		goto out;
-	strcpy(mdi->sys_name, devnm);
+	strncpy(mdi->sys_name, devnm, sizeof(mdi->sys_name) - 1);
 
 	retval = 0;
 out:
@@ -179,6 +179,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options)
 			sra->array.major_version = -1;
 			sra->array.minor_version = -2;
 			strcpy(sra->text_version, buf+9);
+			sra->text_version[sizeof(sra->text_version) - 1] = '\0';
 		} else {
 			sscanf(buf, "%d.%d",
 			       &sra->array.major_version,
@@ -340,6 +341,7 @@ struct mdinfo *sysfs_read(int fd, char *devnm, unsigned long options)
 
 		}
 		strcpy(dev->sys_name, de->d_name);
+		dev->sys_name[sizeof(dev->sys_name) - 1] = '\0';
 		dev->disk.raid_disk = strtoul(buf, &ep, 10);
 		if (*ep) dev->disk.raid_disk = -1;
 
-- 
2.41.0