cgsnapshot: Fix possible non-null-terminated array

Coverity flagged a code path where the controllers[][] structure in
parse_controllers() may not have a '\0' string as its last entry.
This would break the logic in is_ctlr_on_list().

	The function may iterate past the end of the buffer looking for
	a null terminator.

	In parse_controllers: A character buffer that has not been null
	terminated is passed to a function expecting a null terminated
	string (CWE-170)

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>

diff --git a/src/tools/cgsnapshot.c b/src/tools/cgsnapshot.c
index 13720c375b3e1db5c7e4b0a7832f7dbd0b31cc1b..9917e134db43aed2469a3bb6ae47a2eb4570ff4f 100644 (file)
--- a/src/tools/cgsnapshot.c
+++ b/src/tools/cgsnapshot.c
@@ -556,8 +556,13 @@ static int parse_controllers(cont_name_t cont_names[CG_CONTROLLER_MAX], const ch
        /* go through the list of controllers/mount point pairs */
        while (ret == 0) {
                if (strcmp(path, controller.path) == 0) {
-                       /* if it is still the same mount point */
-                       if (max < CG_CONTROLLER_MAX) {
+                       /*
+                        * if it is still the same mount point
+                        *
+                        * note that the last entry in controllers[][] must be '\0', so
+                        * we need to stop populating the array at CG_CONTROLLER_MAX - 1
+                        */
+                       if (max < CG_CONTROLLER_MAX - 1) {
                                strncpy(controllers[max], controller.name, FILENAME_MAX);
                                (controllers[max])[FILENAME_MAX-1] = '\0';
                                max++;