strncpy does not null-terminate the destination buffer if the source
string is longer than the count parameter. Since wwn and
wwn_vendor_extension are char[17] and we copy up to 16 bytes, there's
a risk of missing null termination. Use strscpy which always
null-terminates.
CID#1469706

Follow-up for 4e9fdfccbdd16f0cfdb5c8fa8484a8ba0f2e69d3
#include "scsi.h"
#include "scsi_id.h"
#include "string-util.h"
+#include "strxcpyx.h"
#include "time-util.h"
/*
strcpy(serial_short, serial + s);
if (id_search->id_type == SCSI_ID_NAA && wwn != NULL) {
- strncpy(wwn, serial + s, 16);
+ strscpy(wwn, 17, serial + s);
if (wwn_vendor_extension)
- strncpy(wwn_vendor_extension, serial + s + 16, 16);
+ strscpy(wwn_vendor_extension, 17, serial + s + 16);
}
return 0;
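Review bot: The second copy still reads from the fixed offset `serial + s + 16` without checking that the string at `serial + s` is at least 16 characters long; if the device-supplied identifier is shorter, the source pointer lands past the terminator and `strscpy` copies whatever follows in `serial`. How `serial` is filled is outside the hunk, so the length may already be guaranteed, but a local guard would make it explicit: `if (wwn_vendor_extension && strlen(serial + s) >= 16)`. Separately, the literal `17` in both calls repeats the callers' buffer size, which this function cannot verify because `wwn` and `wwn_vendor_extension` appear to arrive as plain pointers; a shared named constant or a size argument would keep the two from drifting apart. The enclosing function starts and ends outside the hunk.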