git.ipfire.org Git - thirdparty/mdadm.git/commit

author	Nigel Croxon <ncroxon@redhat.com>
	Wed, 25 Aug 2021 15:30:14 +0000 (11:30 -0400)
committer	Jes Sorensen <jsorensen@fb.com>
	Fri, 8 Oct 2021 15:46:02 +0000 (11:46 -0400)
commit	cf16a350552ed853d7228f5ebfa3353a7e0538c9
tree	6b3f3d1287d9f474cffdea29025705c5dda9d11a	tree \| snapshot
parent	60815698c0acda9bbf9b880bf78831cc8d9e159f	commit \| diff

Fix buffer size warning for strcpy

To meet requirements of Common Criteria certification vulnerability
assessment. Static code analysis has been run and found the following
error:
buffer_size_warning: Calling "strncpy" with a maximum size
argument of 16 bytes on destination array "ve->name" of
size 16 bytes might leave the destination string unterminated.
https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html

The change is to make the destination size to fit the allocated size.

V5:
Simplify the the strnlen call.

V4:
Code cleanup of the interim "if" statement.

V3: Doc change only:
The code change from filling ve->name with spaces to filling it with
null-terminated is to comform to the SNIA - Common RAID Disk Data
Format Specification. The format for VD_Name (ve->name) specifies
the field to be either ASCII or UNICODE. Bit 2 of the VD_Type field
MUST be used to determine the Unicode or ASCII format of this field.
If this field is not used, all bytes MUST be set to zero.

V2: Change from zero-terminated to zero-padded on memset and
change from using strncpy to memcpy, feedback from Neil Brown.

Tested-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>