From 657d9adb71ed50275b1ed2a0d4e966032db5ba97 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 9 Jul 2012 22:26:27 +0200
Subject: [PATCH] fix buffer overrun in some calls to sscanf

Reported-by: Sergei Antonov <saproj@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 disk-utils/blockdev.c  | 2 +-
 fdisks/fdisk.c         | 2 +-
 fdisks/sfdisk.c        | 2 +-
 lib/loopdev.c          | 2 +-
 lib/sysfs.c            | 2 +-
 libblkid/src/devname.c | 2 +-
 libblkid/src/devno.c   | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/disk-utils/blockdev.c b/disk-utils/blockdev.c
index ba06ad0355..a9e8833ffa 100644
--- a/disk-utils/blockdev.c
+++ b/disk-utils/blockdev.c
@@ -411,7 +411,7 @@ static void report_all_devices(void)
 {
 	FILE *procpt;
 	char line[200];
-	char ptname[200];
+	char ptname[200 + 1];
 	char device[210];
 	int ma, mi, sz;
 
diff --git a/fdisks/fdisk.c b/fdisks/fdisk.c
index 748badf473..4d5ab02ceb 100644
--- a/fdisks/fdisk.c
+++ b/fdisks/fdisk.c
@@ -1819,7 +1819,7 @@ static void
 print_all_partition_table_from_option(unsigned long sector_size)
 {
 	FILE *procpt;
-	char line[128], ptname[128], devname[256];
+	char line[128 + 1], ptname[128 + 1], devname[256];
 	int ma, mi;
 	unsigned long long sz;
 
diff --git a/fdisks/sfdisk.c b/fdisks/sfdisk.c
index c9853867a3..15c6d331ff 100644
--- a/fdisks/sfdisk.c
+++ b/fdisks/sfdisk.c
@@ -2508,7 +2508,7 @@ static int is_ide_cdrom_or_tape(char *device)
 static char *
 nextproc(FILE * procf) {
     static char devname[256];
-    char line[1024], ptname[128];
+    char line[1024], ptname[128 + 1];
     int ma, mi;
     unsigned long long sz;
 
diff --git a/lib/loopdev.c b/lib/loopdev.c
index b759f0c28a..b644ae50c9 100644
--- a/lib/loopdev.c
+++ b/lib/loopdev.c
@@ -478,7 +478,7 @@ static int loopcxt_next_from_proc(struct loopdev_cxt *lc)
 
 	while (fgets(buf, sizeof(buf), iter->proc)) {
 		unsigned int m;
-		char name[128];
+		char name[128 + 1];
 
 
 		if (sscanf(buf, " %u %*s %*s %128[^\n ]",
diff --git a/lib/sysfs.c b/lib/sysfs.c
index ad90c19c83..7455a30f7c 100644
--- a/lib/sysfs.c
+++ b/lib/sysfs.c
@@ -373,7 +373,7 @@ int sysfs_read_int(struct sysfs_cxt *cxt, const char *attr, int *res)
 char *sysfs_strdup(struct sysfs_cxt *cxt, const char *attr)
 {
 	char buf[1024];
-	return sysfs_scanf(cxt, attr, "%1024[^\n]", buf) == 1 ?
+	return sysfs_scanf(cxt, attr, "%1023[^\n]", buf) == 1 ?
 						strdup(buf) : NULL;
 }
 
diff --git a/libblkid/src/devname.c b/libblkid/src/devname.c
index 4a08452d8c..17a9e50706 100644
--- a/libblkid/src/devname.c
+++ b/libblkid/src/devname.c
@@ -420,7 +420,7 @@ static int probe_all(blkid_cache cache, int only_if_new)
 {
 	FILE *proc;
 	char line[1024];
-	char ptname0[128], ptname1[128], *ptname = 0;
+	char ptname0[128 + 1], ptname1[128 + 1], *ptname = 0;
 	char *ptnames[2];
 	dev_t devs[2];
 	int ma, mi;
diff --git a/libblkid/src/devno.c b/libblkid/src/devno.c
index 2996343a05..3024beefa7 100644
--- a/libblkid/src/devno.c
+++ b/libblkid/src/devno.c
@@ -333,7 +333,7 @@ int blkid_driver_has_major(const char *drvname, int major)
 
 	while (fgets(buf, sizeof(buf), f)) {
 		int maj;
-		char name[64];
+		char name[64 + 1];
 
 		if (sscanf(buf, "%d %64[^\n ]", &maj, name) != 2)
 			continue;
-- 
2.47.3