sd_parse_uri() truncates long VDI names silently. Reject them instead. Signed-off-by: Markus Armbruster <arm...@redhat.com> --- block/sheepdog.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/block/sheepdog.c b/block/sheepdog.c index deb110e..72a52a6 100644 --- a/block/sheepdog.c +++ b/block/sheepdog.c @@ -985,7 +985,9 @@ static int sd_parse_uri(BDRVSheepdogState *s, const char *filename, ret = -EINVAL; goto out; } - pstrcpy(vdi, SD_MAX_VDI_LEN, uri->path + 1); + if (g_strlcpy(vdi, uri->path + 1, SD_MAX_VDI_LEN) >= SD_MAX_VDI_LEN) { + goto out; + } qp = query_params_parse(uri->query); if (qp->n > 1 || (s->is_unix && !qp->n) || (!s->is_unix && qp->n)) { -- 2.7.4