libhandle: Guard against string overflow in path_to_fspath()

path_to_fspath does a blind strcpy into an array of
MAXPATHLEN; we should be sure to limit this so that it
does not go over the size of the array.

I don't think I see a way to get here today with a too-long
path, but I don't think it'll hurt to be defensive.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Mark Tinguely <tinguely@sgi.com>

diff --git a/libhandle/handle.c b/libhandle/handle.c
index b1ec5f2a7c7d9b17bdd94d2a3620c4d2e0395045..9a232fa7861f3e2bf5d3a8fa973e6a3a121bcc98 100644 (file)
--- a/libhandle/handle.c
+++ b/libhandle/handle.c
@@ -158,7 +158,8 @@ path_to_fspath(char *path)
        if (S_ISREG(statbuf.st_mode) || S_ISDIR(statbuf.st_mode))
                return path;
 
-       strcpy(dirpath, path);
+       strncpy(dirpath, path, MAXPATHLEN);
+       dirpath[MAXPATHLEN-1] = '\0';
        return dirname(dirpath);
 }