[parted-devel] [PATCH] mac: copy partition type and name correctly
Brian C. Lane
bcl at redhat.com
Thu Jul 2 22:41:35 UTC 2015
On Fri, Jul 03, 2015 at 12:21:23AM +0200, Sergei Antonov wrote:
> Use strncpy() instead of strcpy() to copy partition name and type.
> This prevents possible buffer overflow, because the source string
> occupies up to 33 bytes with a terminating null.
>
> Static analysis tools complain about the code as it is now:
> Function: _generate_raw_part
> Destination buffer too small
> string_overflow: You might overrun the 32 byte destination string
> part_map_entry->type by writing 33 bytes from mac_part_data->system_name
> (Destination buffer too small, line 933)
>
> Cc: Sabas Rosales, Blanca E <blanca.e.sabas.rosales at intel.com>
> Signed-off-by: Sergei Antonov <saproj at gmail.com>
> ---
> libparted/labels/mac.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libparted/labels/mac.c b/libparted/labels/mac.c
> index 1034418..d8da941 100644
> --- a/libparted/labels/mac.c
> +++ b/libparted/labels/mac.c
> @@ -930,8 +930,8 @@ _generate_raw_part (PedDisk* disk, PedPartition* part,
> = PED_CPU_TO_BE32 (mac_disk_data->last_part_entry_num);
> part_map_entry->start_block = PED_CPU_TO_BE32 (part->geom.start);
> part_map_entry->block_count = PED_CPU_TO_BE32 (part->geom.length);
> - strcpy (part_map_entry->name, mac_part_data->volume_name);
> - strcpy (part_map_entry->type, mac_part_data->system_name);
> + strncpy (part_map_entry->name, mac_part_data->volume_name, 32);
> + strncpy (part_map_entry->type, mac_part_data->system_name, 32);
>
> if (mac_part_data->is_driver) {
> mac_part_data->boot_region_length = part->geom.length;
> --
> 2.3.0
Thanks, pushed.
--
Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
More information about the parted-devel
mailing list