Use strncpy instead of strcpy (coverity)

2012-11-30 14:38:34 +01:00 · 2012-11-30 14:38:34 +01:00 · 28d1f2579f
parent aa1c4819c2
commit 28d1f2579f
2 changed files with 22 additions and 1 deletions
--- a/sgpio-1.2-coverity.patch
+++ b/sgpio-1.2-coverity.patch
@ -0,0 +1,16 @@
+Assume buffer overflow even if it's not possible.
+Found by coverity.
+
+Author: Jan Synacek <jsynacek@redhat.com>
+
+--- sgpio/sgpio.c.orig	2012-11-30 14:14:09.000000000 +0100
+++ sgpio/sgpio.c	2012-11-30 14:14:17.437228466 +0100
+@@ -629,7 +629,7 @@
+ 		return -1;
+ 	}
+ 
+-	strcpy(location, sys_scsi_path);
+	strncpy(location, sys_scsi_path, FS_PATH_LEN);
+ 	len = strlen(location);
+ 
+ 	for(i=0;i<dir_qan;i++){
--- a/sgpio.spec
+++ b/sgpio.spec
@ -1,7 +1,7 @@
 Summary: SGPIO captive backplane tool
 Name: sgpio
 Version: 1.2.0.10
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 URL: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing
@ -9,6 +9,7 @@ Source: sgpio-1.2-0.10-src.tar.gz
 # there is no official download link for the latest package
 #Source: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing?action=AttachFile&do=get&target=sgpio-1.2.tgz
 Patch0: sgpio-1.2-makefile.patch
+Patch1: sgpio-1.2-coverity.patch
 BuildRequires: dos2unix

 %description
@ -18,6 +19,7 @@ Intel SGPIO enclosure management utility
 %setup -q -n sgpio
 dos2unix --keepdate Makefile README
 %patch0 -p1 -b .makefile
+%patch1 -p1 -b .coverity
 chmod a-x *

 %build
@ -34,6 +36,9 @@ make install INSTALL="%{__install} -p" DESTDIR=$RPM_BUILD_ROOT SBIN_DIR=$RPM_BUI
 %{_mandir}/man1/sgpio.*

 %changelog
+* Fri Nov 30 2012 Jan Synáček <jsynacek@redhat.com> - 1.2.0.10-10
+- Use strncpy instead of strcpy (coverity)
+
 * Mon Nov 19 2012 Jan Synáček <jsynacek@redhat.com> - 1.2.0.10-9
 - dos2unix'ed the patch
 - Call dos2unix before patching and dos2unix Makefile as well