Fix buffer size warning for strcpy

To meet requirements of Common Criteria certification vulnerability
assessment. Static code analysis has been run and found the following
error:
buffer_size_warning: Calling "strncpy" with a maximum size
argument of 16 bytes on destination array "ve->name" of
size 16 bytes might leave the destination string unterminated.
https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html

The change is to make the destination size to fit the allocated size.

V5:
Simplify the the strnlen call.

V4:
Code cleanup of the interim "if" statement.

V3: Doc change only:
The code change from filling ve->name with spaces to filling it with
null-terminated is to comform to the SNIA - Common RAID Disk Data
Format Specification. The format for VD_Name (ve->name) specifies
the field to be either ASCII or UNICODE. Bit 2 of the VD_Type field
MUST be used to determine the Unicode or ASCII format of this field.
If this field is not used, all bytes MUST be set to zero.

V2: Change from zero-terminated to zero-padded on memset and
change from using strncpy to memcpy, feedback from Neil Brown.

Tested-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>

diff --git a/super-ddf.c b/super-ddf.c
index afbe3b73827616b5fd7ee7cbdc50aee0c2cf250a..d334a79ddcb446ed34e5f2e98b3ba78234588a9f 100644 (file)
--- a/super-ddf.c
+++ b/super-ddf.c
@@ -2637,9 +2637,11 @@ static int init_super_ddf_bvd(struct supertype *st,
                ve->init_state = DDF_init_not;
 
        memset(ve->pad1, 0xff, 14);
-       memset(ve->name, ' ', 16);
-       if (name)
-               strncpy(ve->name, name, 16);
+       memset(ve->name, '\0', sizeof(ve->name));
+       if (name) {
+               int l = strnlen(name, sizeof(ve->name));
+               memcpy(ve->name, name, l);
+       }
        ddf->virt->populated_vdes =
                cpu_to_be16(be16_to_cpu(ddf->virt->populated_vdes)+1);