> -----Original Message----- > From: linux-raid-owner@xxxxxxxxxxxxxxx [mailto:linux-raid- > owner@xxxxxxxxxxxxxxx] On Behalf Of Lukasz Dorau > Sent: Tuesday, October 18, 2011 9:45 AM > To: neilb@xxxxxxx > Cc: linux-raid@xxxxxxxxxxxxxxx; Labun, Marcin; Ciechanowski, Ed > Subject: [PATCH] fix: imsm: prevent segfault in mark_failure > > Using an array of chars without trailing '\000' as a parameter > in sprintf() function can cause segfault. The snprintf() function > should be used instead. > > Signed-off-by: Lukasz Dorau <lukasz.dorau@xxxxxxxxx> > --- > super-intel.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/super-intel.c b/super-intel.c > index af06660..696cff3 100644 > --- a/super-intel.c > +++ b/super-intel.c > @@ -6015,7 +6015,7 @@ static int mark_failure(struct imsm_dev *dev, struct > imsm_disk *disk, int idx) > if (is_failed(disk) && (ord & IMSM_ORD_REBUILD)) > return 0; > > - sprintf(buf, "%s:0", disk->serial); > + snprintf(buf, MAX_RAID_SERIAL_LEN, "%s:0", disk->serial); > if ((len = strlen(buf)) >= MAX_RAID_SERIAL_LEN) > shift = len - MAX_RAID_SERIAL_LEN + 1; > strncpy((char *)disk->serial, &buf[shift], MAX_RAID_SERIAL_LEN); >

There is a stupid mistake in this patch. I will correct it and send the right version soon.

Regards,
Lukasz Dorau
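Review bot: the size argument on the added `snprintf(buf, MAX_RAID_SERIAL_LEN, "%s:0", disk->serial);` line defeats the length check that follows it, and the call still reads `disk->serial` without a bound. With the output capped at MAX_RAID_SERIAL_LEN bytes including the terminator, `strlen(buf)` is at most MAX_RAID_SERIAL_LEN - 1, so `(len = strlen(buf)) >= MAX_RAID_SERIAL_LEN` can never be true and `shift` is never set by that branch; a full-length serial then has its ":0" suffix truncated where the old code dropped leading characters to keep it. A plain `%s` also keeps scanning the source for a terminating NUL, so the unterminated array named in the commit message is still read past its end. Suggest limiting the read with a precision, for example `"%.*s:0"` with MAX_RAID_SERIAL_LEN as the precision argument, and passing the actual size of `buf` as the snprintf bound (the declaration of `buf` is not visible in this hunk, so confirm it has room for the serial plus ":0" and the terminator).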