On 8/25/21 11:30 AM, Nigel Croxon wrote: > To meet requirements of Common Criteria certification vulnerability > assessment. Static code analysis has been run and found the following > error: > buffer_size_warning: Calling "strncpy" with a maximum size > argument of 16 bytes on destination array "ve->name" of > size 16 bytes might leave the destination string unterminated. > https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html > > The change is to make the destination size to fit the allocated size. > > V5: > Simplify the the strnlen call. > > V4: > Code cleanup of the interim "if" statement. > > V3: Doc change only: > The code change from filling ve->name with spaces to filling it with > null-terminated is to comform to the SNIA - Common RAID Disk Data > Format Specification. The format for VD_Name (ve->name) specifies > the field to be either ASCII or UNICODE. Bit 2 of the VD_Type field > MUST be used to determine the Unicode or ASCII format of this field. > If this field is not used, all bytes MUST be set to zero. > > V2: Change from zero-terminated to zero-padded on memset and > change from using strncpy to memcpy, feedback from Neil Brown. > > Tested-by: Mariusz Tkaczyk <mariusz.tkaczyk@xxxxxxxxxxxxxxx> > Signed-off-by: Nigel Croxon <ncroxon@xxxxxxxxxx> > --- > super-ddf.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) Applied! Thanks Jes
