[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[dm-devel] [PATCH] Fix string overflow in pp_hds_modular



Hi Christophe,

our build checker detected a string overflow in pp_hds_modular.
One shouldn't really write 9 bytes into a 8 byte string ...

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		      zSeries & Storage
hare suse de			      +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)
tree d0feb33b9e79f82c08ba54e3232ff74e3d0a3e92
parent 5ac8944b746a19c2c08e96d9c91c5b00eb0ef95e
author Hannes Reinecke <hare suse de> 1186052416 +0200
committer Hannes Reinecke <hare suse de> 1186052416 +0200

pp_hds_modular: Fix buffer overflow

'vendor' is defined to hold 8 bytes, yet snprintf tries to write 9 bytes
to it. Bad.

Signed-off-by: Hannes Reinecke <hare suse de>
a04c8abdc0da9556ac4ccedacef3ca41f0aceeb9
 path_priority/pp_hds_modular/pp_hds_modular.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/path_priority/pp_hds_modular/pp_hds_modular.c b/path_priority/pp_hds_modular/pp_hds_modular.c
index 7411508..10b28b8 100644
--- a/path_priority/pp_hds_modular/pp_hds_modular.c
+++ b/path_priority/pp_hds_modular/pp_hds_modular.c
@@ -120,7 +120,7 @@ int main (int argc, char **argv)
 int hds_modular_prio (const char *dev)
 {
 	int sg_fd, k;
-	char vendor[8];
+	char vendor[9];
 	char product[32];
 	char serial[32];
 	char ldev[32];

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]