Eric Blake <ebl...@redhat.com> writes: > On 03/02/2017 03:43 PM, Markus Armbruster wrote: >> sd_parse_uri() truncates long VDI names silently. Reject them >> instead. >> >> Signed-off-by: Markus Armbruster <arm...@redhat.com> >> --- >> block/sheepdog.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/block/sheepdog.c b/block/sheepdog.c >> index deb110e..72a52a6 100644 >> --- a/block/sheepdog.c >> +++ b/block/sheepdog.c >> @@ -985,7 +985,9 @@ static int sd_parse_uri(BDRVSheepdogState *s, const char >> *filename, >> ret = -EINVAL; >> goto out; >> } >> - pstrcpy(vdi, SD_MAX_VDI_LEN, uri->path + 1); >> + if (g_strlcpy(vdi, uri->path + 1, SD_MAX_VDI_LEN) >= SD_MAX_VDI_LEN) { >> + goto out; >> + } > > Does this need to set ret? Maybe to -EINVAL?
Yes. The next patch heals it, but of course I'll fix it anyway. >> >> qp = query_params_parse(uri->query); >> if (qp->n > 1 || (s->is_unix && !qp->n) || (!s->is_unix && qp->n)) { >>