From: Xiao Ni <xni@redhat.com>
Date: Tue, 28 May 2024 08:44:39 +0000 (+0800)
Subject: mdadm/platform-intel: buffer overflow detected
X-Git-Tag: mdadm-4.4~153
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=827e1870f320545796d907f50af594e901399417;p=thirdparty%2Fmdadm.git

mdadm/platform-intel: buffer overflow detected

mdadm -CR /dev/md0 -l1 -n2 /dev/nvme0n1 /dev/nvme2n1
*** buffer overflow detected ***: terminated
Aborted (core dumped)

It doesn't happen 100% and it depends on the building environment.
It can be fixed by replacing sprintf with snprintf.

Fixes: d835518b6b53 ('imsm: nvme multipath support')
Reported-by: Guang Wu <guazhang@redhat.com>
Signed-off-by: Xiao Ni <xni@redhat.com>
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
---

diff --git a/platform-intel.c b/platform-intel.c
index 15a9fa5a..d6a53533 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -907,14 +907,14 @@ char *get_nvme_multipath_dev_hw_path(const char *dev_path)
 		return NULL;
 
 	for (ent = readdir(dir); ent; ent = readdir(dir)) {
-		char buf[strlen(dev_path) + strlen(ent->d_name) + 1];
+		char buf[PATH_MAX];
 
 		/* Check if dir is a controller, ignore namespaces*/
 		if (!(strncmp(ent->d_name, "nvme", 4) == 0) ||
 		    (strrchr(ent->d_name, 'n') != &ent->d_name[0]))
 			continue;
 
-		sprintf(buf, "%s/%s", dev_path, ent->d_name);
+		snprintf(buf, PATH_MAX, "%s/%s", dev_path, ent->d_name);
 		rp = realpath(buf, NULL);
 		break;
 	}