[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 02/10] security: Use virStrcpy to move the label



On 01/17/13 20:17, John Ferlan wrote:
---
  src/security/security_dac.c | 8 +++++++-
  1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index deff024..7ef7eb9 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -995,7 +995,13 @@ virSecurityDACGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
          return -1;

      if (secdef->label)
-        strcpy(seclabel->label, secdef->label);
+        if (!virStrcpy(seclabel->label, secdef->label,
+                       VIR_SECURITY_LABEL_BUFLEN)) {

I'd rather go for a ignore_value here. AFAIK it's impossible to overflow the allocated buffer here.

+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("security label exceeds max %d bytes"),
+                           VIR_SECURITY_LABEL_BUFLEN-1);
+            return -1;
+        }

      return 0;
  }


Peter


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]