xfs_fsr: guard against path string overflows

gettmpname() and getparent() blindly copy strings
into a target array; be sure we limit the copy to
the size of the target and null terminate it.

I don't see a way to get here with a too-long name,
since most paths try to open or stat the file already,
but it can't hurt to be defensive.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Mark Tinguely <tinguely@sgi.com>

diff --git a/fsr/xfs_fsr.c b/fsr/xfs_fsr.c
index 2db222498ebb9b37cd3de13f4effe4477c5981be..843f57d707669334bfa756be765abd8dcfa415e5 100644 (file)
--- a/fsr/xfs_fsr.c
+++ b/fsr/xfs_fsr.c
@@ -1452,7 +1452,8 @@ gettmpname(char *fname)
 
        sprintf(sbuf, "/.fsr%d", getpid());
 
-       strcpy(buf, fname);
+       strncpy(buf, fname, PATH_MAX);
+       buf[PATH_MAX] = '\0';
        ptr = strrchr(buf, '/');
        if (ptr) {
                *ptr = '\0';
@@ -1476,7 +1477,8 @@ getparent(char *fname)
        static char     buf[PATH_MAX+1];
        char            *ptr;
 
-       strcpy(buf, fname);
+       strncpy(buf, fname, PATH_MAX);
+       buf[PATH_MAX] = '\0';
        ptr = strrchr(buf, '/');
        if (ptr) {
                if (ptr == &buf[0])