On Fri, Jun 07, 2019 at 03:05:29PM +0200, Martin Wilck wrote: Not a big deal since default socket is a defined string, but since we are writing to &addr.sun_path[1], if DEFAULT_SOCKET were of size >= "sizeof(addr.sun_path) - 1", the strncpy() would fill all of addr.sun_path, without leaving any space for the the null byte at the end. I assume you meant to change this to be strlcpy() instead of leaving it as strncpy(). -Ben > Signed-off-by: Martin Wilck <mwilck@xxxxxxxx> > --- > libmpathcmd/mpath_cmd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libmpathcmd/mpath_cmd.c b/libmpathcmd/mpath_cmd.c > index b681311b..05b69316 100644 > --- a/libmpathcmd/mpath_cmd.c > +++ b/libmpathcmd/mpath_cmd.c > @@ -104,7 +104,7 @@ int __mpath_connect(int nonblocking) > addr.sun_family = AF_LOCAL; > addr.sun_path[0] = '\0'; > len = strlen(DEFAULT_SOCKET) + 1 + sizeof(sa_family_t); > - strncpy(&addr.sun_path[1], DEFAULT_SOCKET, len); > + strncpy(&addr.sun_path[1], DEFAULT_SOCKET, sizeof(addr.sun_path) - 1); > > fd = socket(AF_LOCAL, SOCK_STREAM, 0); > if (fd == -1) > -- > 2.21.0 -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
