diff mbox

fsdev/virtfs-proxy-helper: Fix possible overflow

Message ID 1426244997-11392-1-git-send-email-zhaoshenglong@huawei.com
State New
Headers show

Commit Message

Shannon Zhao March 13, 2015, 11:09 a.m. UTC 
It's detected by coverity. As max of sockaddr_un.sun_path is
sizeof(helper.sun_path), should check the length of source
and use strncpy instead of strcpy.

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
---
 fsdev/virtfs-proxy-helper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Paolo Bonzini March 13, 2015, 12:51 p.m. UTC | #1 
On 13/03/2015 12:09, Shannon Zhao wrote:
> +    g_assert(strlen(path) < sizeof(proxy.sun_path));
>      sock = socket(AF_UNIX, SOCK_STREAM, 0);
>      if (sock < 0) {
>          do_perror("socket");
> @@ -748,7 +749,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid)
>      umask(7);
>  
>      proxy.sun_family = AF_UNIX;
> -    strcpy(proxy.sun_path, path);
> +    strncpy(proxy.sun_path, path, sizeof(proxy.sun_path));
>      if (bind(sock, (struct sockaddr *)&proxy,

Same as the other patch.

Paolo
diff mbox

Patch

diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index bf2e5f3..f12d7a0 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -738,6 +738,7 @@  static int proxy_socket(const char *path, uid_t uid, gid_t gid)
         return -1;
     }
 
+    g_assert(strlen(path) < sizeof(proxy.sun_path));
     sock = socket(AF_UNIX, SOCK_STREAM, 0);
     if (sock < 0) {
         do_perror("socket");
@@ -748,7 +749,7 @@  static int proxy_socket(const char *path, uid_t uid, gid_t gid)
     umask(7);
 
     proxy.sun_family = AF_UNIX;
-    strcpy(proxy.sun_path, path);
+    strncpy(proxy.sun_path, path, sizeof(proxy.sun_path));
     if (bind(sock, (struct sockaddr *)&proxy,
             sizeof(struct sockaddr_un)) < 0) {
         do_perror("bind");