From: Song Liu <songliubraving@fb.com>
Date: Thu, 8 Sep 2016 18:21:07 +0000 (-0700)
Subject: mdadm: fix a buffer overflow
X-Git-Tag: mdadm-4.0~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=474267015b492308d5f410e3568c6cb3d370c688;p=thirdparty%2Fmdadm.git

mdadm: fix a buffer overflow

struct mdp_superblock_1.set_name is 32B long, but struct mdinfo.name
is 33B long. So we need strncpy instead strcpy to avoid buffer
overflow.

Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
---

diff --git a/super1.c b/super1.c
index f3e40232..9f62d23f 100644
--- a/super1.c
+++ b/super1.c
@@ -1294,7 +1294,7 @@ static int update_super1(struct supertype *st, struct mdinfo *info,
 			strcat(sb->set_name, ":");
 			strcat(sb->set_name, info->name);
 		} else
-			strcpy(sb->set_name, info->name);
+			strncpy(sb->set_name, info->name, sizeof(sb->set_name));
 	} else if (strcmp(update, "devicesize") == 0 &&
 	    __le64_to_cpu(sb->super_offset) <
 	    __le64_to_cpu(sb->data_offset)) {
@@ -1444,7 +1444,7 @@ static int init_super1(struct supertype *st, mdu_array_info_t *info,
 		strcat(sb->set_name, ":");
 		strcat(sb->set_name, name);
 	} else
-		strcpy(sb->set_name, name);
+		strncpy(sb->set_name, name, sizeof(sb->set_name));
 
 	sb->ctime = __cpu_to_le64((unsigned long long)time(0));
 	sb->level = __cpu_to_le32(info->level);