On Fri, Jul 03, 2015 at 12:21:23AM +0200, Sergei Antonov wrote: > Use strncpy() instead of strcpy() to copy partition name and type. > This prevents possible buffer overflow, because the source string > occupies up to 33 bytes with a terminating null. > > Static analysis tools complain about the code as it is now: > Function: _generate_raw_part > Destination buffer too small > string_overflow: You might overrun the 32 byte destination string > part_map_entry->type by writing 33 bytes from mac_part_data->system_name > (Destination buffer too small, line 933) > > Cc: Sabas Rosales, Blanca E <[email protected]> > Signed-off-by: Sergei Antonov <[email protected]> > --- > libparted/labels/mac.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libparted/labels/mac.c b/libparted/labels/mac.c > index 1034418..d8da941 100644 > --- a/libparted/labels/mac.c > +++ b/libparted/labels/mac.c > @@ -930,8 +930,8 @@ _generate_raw_part (PedDisk* disk, PedPartition* part, > = PED_CPU_TO_BE32 (mac_disk_data->last_part_entry_num); > part_map_entry->start_block = PED_CPU_TO_BE32 (part->geom.start); > part_map_entry->block_count = PED_CPU_TO_BE32 (part->geom.length); > - strcpy (part_map_entry->name, mac_part_data->volume_name); > - strcpy (part_map_entry->type, mac_part_data->system_name); > + strncpy (part_map_entry->name, mac_part_data->volume_name, 32); > + strncpy (part_map_entry->type, mac_part_data->system_name, 32); > > if (mac_part_data->is_driver) { > mac_part_data->boot_region_length = part->geom.length; > -- > 2.3.0
Thanks, pushed. -- Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
