On 12/19/22 08:08, Mariusz Tkaczyk wrote: > On Mon, 19 Dec 2022 19:50:52 +0800 > lixiaokeng <lixiaokeng@xxxxxxxxxx> wrote: > >> On 2022/12/15 19:50, Mariusz Tkaczyk wrote: >>> On Wed, 14 Dec 2022 11:17:41 +0800 >>> lixiaokeng <lixiaokeng@xxxxxxxxxx> wrote: >>> >>>> strcpy(st->devnm, devnm); >>> >>> Hi, >>> Please use strncpy or snprintf here. >> >> Thanks for your advice, but the length of devnm is not >> a defined value. I will keep it as the old codes. > > Supertype devnm is a array defined to be 32. > https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/mdadm.h#n1256 > > 32 should be changed to MD_NAME_MAX - you can use this define. > I traveled fd2devnm and I can see that at the end devid2devnm returns: > static char devnm[32] > https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/tree/lib.c#n123 > > For that reason usage of strcpy in this case seems to be safe, unless we change > something deeper. My recommendation comes from general safe development rules- > we know dest buffer size so we can esnure that it will be ended properly by > '\0', whatever comes to write from fd2devnm(). Totally agree here! Jes
