Hi Christophe,
our build checker detected a string overflow in pp_hds_modular.
One shouldn't really write 9 bytes into a 8 byte string ...
Cheers,
Hannes
--
Dr. Hannes Reinecke zSeries & Storage
hare@xxxxxxx +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)
tree d0feb33b9e79f82c08ba54e3232ff74e3d0a3e92
parent 5ac8944b746a19c2c08e96d9c91c5b00eb0ef95e
author Hannes Reinecke <hare@xxxxxxx> 1186052416 +0200
committer Hannes Reinecke <hare@xxxxxxx> 1186052416 +0200
pp_hds_modular: Fix buffer overflow
'vendor' is defined to hold 8 bytes, yet snprintf tries to write 9 bytes
to it. Bad.
Signed-off-by: Hannes Reinecke <hare@xxxxxxx>
a04c8abdc0da9556ac4ccedacef3ca41f0aceeb9
path_priority/pp_hds_modular/pp_hds_modular.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/path_priority/pp_hds_modular/pp_hds_modular.c b/path_priority/pp_hds_modular/pp_hds_modular.c
index 7411508..10b28b8 100644
--- a/path_priority/pp_hds_modular/pp_hds_modular.c
+++ b/path_priority/pp_hds_modular/pp_hds_modular.c
@@ -120,7 +120,7 @@ int main (int argc, char **argv)
int hds_modular_prio (const char *dev)
{
int sg_fd, k;
- char vendor[8];
+ char vendor[9];
char product[32];
char serial[32];
char ldev[32];
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
