If the first WWID_LEN bytes of the uuid_attribute do not contain
a 0 byte, pp->wwid may end up not properly terminated. Fix it by
using strlcpy() rather than strncpy().
Signed-off-by: Martin Wilck <mwilck@xxxxxxxx>
Acked-by: Benjamin Marzinski <bmarzins@xxxxxxxxxx>
---
libmultipath/discovery.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
index 663c8eaa..419a148b 100644
--- a/libmultipath/discovery.c
+++ b/libmultipath/discovery.c
@@ -1608,13 +1608,11 @@ get_udev_uid(struct path * pp, char *uid_attribute, struct udev_device *udev)
if (!value || strlen(value) == 0)
value = getenv(uid_attribute);
if (value && strlen(value)) {
- if (strlen(value) + 1 > WWID_SIZE) {
+ len = strlcpy(pp->wwid, value, WWID_SIZE);
+ if (len >= WWID_SIZE) {
condlog(0, "%s: wwid overflow", pp->dev);
len = WWID_SIZE;
- } else {
- len = strlen(value);
}
- strncpy(pp->wwid, value, len);
} else {
condlog(3, "%s: no %s attribute", pp->dev,
uid_attribute);
--
2.13.2
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
