From 0e58ad78350a61c88f4b97389a8f83f24ae11d11 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
Date: Wed, 13 Sep 2023 00:09:39 +0200
Subject: [PATCH] fdisk: remove usage of VLA
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Variable-length-arrays are susceptible to security issues, avoid them.

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
---
 disk-utils/fdisk-list.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/disk-utils/fdisk-list.c b/disk-utils/fdisk-list.c
index 21d215e584..a1b6a844d4 100644
--- a/disk-utils/fdisk-list.c
+++ b/disk-utils/fdisk-list.c
@@ -469,21 +469,24 @@ void list_available_columns(FILE *out)
 static int fieldname_to_id(const char *name, size_t namesz)
 {
 	const struct fdisk_field *fl;
-	char buf[namesz + 1];
+	char *buf;
 
 	assert(name);
 	assert(namesz);
 	assert(fields_label);
 
-	memcpy(buf, name, namesz);
-	buf[namesz] = '\0';
+	buf = strndup(name, namesz);
+	if (!buf)
+		return -1;
 
 	fl = fdisk_label_get_field_by_name(fields_label, buf);
 	if (!fl) {
 		warnx(_("%s unknown column: %s"),
 				fdisk_label_get_name(fields_label), buf);
+		free(buf);
 		return -1;
 	}
+	free(buf);
 	return fdisk_field_get_id(fl);
 }
 
-- 
2.47.3