From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Date: Wed, 6 Jul 2022 20:09:38 +0000 (-0600)
Subject: config: cgroup_config_insert_into_mount_table() use strncpy()
X-Git-Tag: v2.0.3~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3aab924ab0bffa50b75e82e08160815100c1da1;p=thirdparty%2Flibcgroup.git

config: cgroup_config_insert_into_mount_table() use strncpy()

Fix copy into fixed size buffer warning, reported by Coverity tool:

CID 258282 (#2 of 2): Copy into fixed size buffer (STRING_OVERFLOW)9.
fixed_size_dest: You might overrun the 4096-character fixed-size string
config_mount_table[config_table_index].mount.path by copying mount_point
without checking the length.
parameter_as_source: Note: This defect has an elevated risk because the
source argument is a parameter of the current function

Also, convert config_mount_table[config_table_index].name strcpy to
strncpy.

Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 4c8e4fd284b4677e5e9bab4f9e13b0866020b499)
---

diff --git a/src/config.c b/src/config.c
index c0a106a5..b8342c66 100644
--- a/src/config.c
+++ b/src/config.c
@@ -569,8 +569,16 @@ int cgroup_config_insert_into_mount_table(char *name, char *mount_point)
 		}
 	}
 
-	strcpy(config_mount_table[config_table_index].name, name);
-	strcpy(config_mount_table[config_table_index].mount.path, mount_point);
+	strncpy(config_mount_table[config_table_index].name, name,
+		CONTROL_NAMELEN_MAX  - 1);
+	config_mount_table[config_table_index].name[CONTROL_NAMELEN_MAX - 1] =
+									'\0';
+
+	strncpy(config_mount_table[config_table_index].mount.path, mount_point,
+	       FILENAME_MAX - 1);
+	config_mount_table[config_table_index].mount.path[FILENAME_MAX - 1] =
+									'\0';
+
 	config_mount_table[config_table_index].mount.next = NULL;
 	config_table_index++;
 done: