[PATCH] Fix string overflow in pp_hds_modular

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Christophe,

our build checker detected a string overflow in pp_hds_modular.
One shouldn't really write 9 bytes into a 8 byte string ...

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		      zSeries & Storage
hare@xxxxxxx			      +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)
tree d0feb33b9e79f82c08ba54e3232ff74e3d0a3e92
parent 5ac8944b746a19c2c08e96d9c91c5b00eb0ef95e
author Hannes Reinecke <hare@xxxxxxx> 1186052416 +0200
committer Hannes Reinecke <hare@xxxxxxx> 1186052416 +0200

pp_hds_modular: Fix buffer overflow

'vendor' is defined to hold 8 bytes, yet snprintf tries to write 9 bytes
to it. Bad.

Signed-off-by: Hannes Reinecke <hare@xxxxxxx>
a04c8abdc0da9556ac4ccedacef3ca41f0aceeb9
 path_priority/pp_hds_modular/pp_hds_modular.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/path_priority/pp_hds_modular/pp_hds_modular.c b/path_priority/pp_hds_modular/pp_hds_modular.c
index 7411508..10b28b8 100644
--- a/path_priority/pp_hds_modular/pp_hds_modular.c
+++ b/path_priority/pp_hds_modular/pp_hds_modular.c
@@ -120,7 +120,7 @@ int main (int argc, char **argv)
 int hds_modular_prio (const char *dev)
 {
 	int sg_fd, k;
-	char vendor[8];
+	char vendor[9];
 	char product[32];
 	char serial[32];
 	char ldev[32];
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel

[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux