From: Eric Sandeen <sandeen@redhat.com>
Date: Sat, 26 Jan 2013 22:40:25 +0000 (+0000)
Subject: libhandle: Guard against string overflow in path_to_fspath()
X-Git-Tag: v3.1.11~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55d1fd480b7328f0c51a7de5ed64ea371927c933;p=thirdparty%2Fxfsprogs-dev.git

libhandle: Guard against string overflow in path_to_fspath()

path_to_fspath does a blind strcpy into an array of
MAXPATHLEN; we should be sure to limit this so that it
does not go over the size of the array.

I don't think I see a way to get here today with a too-long
path, but I don't think it'll hurt to be defensive.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Mark Tinguely <tinguely@sgi.com>
Signed-off-by: Mark Tinguely <tinguely@sgi.com>
---

diff --git a/libhandle/handle.c b/libhandle/handle.c
index b1ec5f2a7..9a232fa78 100644
--- a/libhandle/handle.c
+++ b/libhandle/handle.c
@@ -158,7 +158,8 @@ path_to_fspath(char *path)
 	if (S_ISREG(statbuf.st_mode) || S_ISDIR(statbuf.st_mode))
 		return path;
 
-	strcpy(dirpath, path);
+	strncpy(dirpath, path, MAXPATHLEN);
+	dirpath[MAXPATHLEN-1] = '\0';
 	return dirname(dirpath);
 }