Eric Blake <ebl...@redhat.com> writes:

> On 03/02/2017 03:43 PM, Markus Armbruster wrote:
>> sd_parse_uri() truncates long VDI names silently.  Reject them
>> instead.
>> 
>> Signed-off-by: Markus Armbruster <arm...@redhat.com>
>> ---
>>  block/sheepdog.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>> 
>> diff --git a/block/sheepdog.c b/block/sheepdog.c
>> index deb110e..72a52a6 100644
>> --- a/block/sheepdog.c
>> +++ b/block/sheepdog.c
>> @@ -985,7 +985,9 @@ static int sd_parse_uri(BDRVSheepdogState *s, const char 
>> *filename,
>>          ret = -EINVAL;
>>          goto out;
>>      }
>> -    pstrcpy(vdi, SD_MAX_VDI_LEN, uri->path + 1);
>> +    if (g_strlcpy(vdi, uri->path + 1, SD_MAX_VDI_LEN) >= SD_MAX_VDI_LEN) {
>> +        goto out;
>> +    }
>
> Does this need to set ret? Maybe to -EINVAL?

Yes.  The next patch heals it, but of course I'll fix it anyway.

>>  
>>      qp = query_params_parse(uri->query);
>>      if (qp->n > 1 || (s->is_unix && !qp->n) || (!s->is_unix && qp->n)) {
>> 
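
Review bot: the new g_strlcpy() branch jumps to out without setting ret, while the error path just above it sets ret = -EINVAL before its goto out. Add ret = -EINVAL; inside the new if block so that an over-long VDI name is rejected with an error by this patch on its own, without relying on a follow-up patch. The >= SD_MAX_VDI_LEN comparison itself is the correct truncation test, because g_strlcpy() returns the length of the source string.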
