befs: use strlcpy()
diff mbox series

Message ID 20051030011817.GA32602@mipter.zuzino.mipt.ru
State New, archived
Headers show
Series
  • befs: use strlcpy()
Related show

Commit Message

Alexey Dobriyan Oct. 30, 2005, 1:18 a.m. UTC
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---
	Looks like second strncpy() can fill symlink buffer without
	NUL-termination which would cause bad things later, though I
	may be wrong.

 fs/befs/btree.c    |    3 +--
 fs/befs/linuxvfs.c |    4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Comments

Andreas Schwab Oct. 30, 2005, 10:38 a.m. UTC | #1
Alexey Dobriyan <adobriyan@gmail.com> writes:

> --- a/fs/befs/btree.c
> +++ b/fs/befs/btree.c
> @@ -503,10 +503,9 @@ befs_btree_read(struct super_block *sb, 
>  		goto error_alloc;
>  	};
>  
> -	strncpy(keybuf, keystart, keylen);
> +	strlcpy(keybuf, keystart, keylen);
>  	*value = fs64_to_cpu(sb, valarray[cur_key]);
>  	*keysize = keylen;
> -	keybuf[keylen] = '\0';

You are now cutting off the last character of the string.  keylen is the
exact size of the string to be copied, _not_ the size of the buffer (which
is bufsize and guaranteed to be big enough at this point).

Andreas.

Patch
diff mbox series

--- a/fs/befs/btree.c
+++ b/fs/befs/btree.c
@@ -503,10 +503,9 @@  befs_btree_read(struct super_block *sb, 
 		goto error_alloc;
 	};
 
-	strncpy(keybuf, keystart, keylen);
+	strlcpy(keybuf, keystart, keylen);
 	*value = fs64_to_cpu(sb, valarray[cur_key]);
 	*keysize = keylen;
-	keybuf[keylen] = '\0';
 
 	befs_debug(sb, "Read [%Lu,%d]: Key \"%.*s\", Value %Lu", node_off,
 		   cur_key, keylen, keybuf, *value);
--- linux-vanilla/fs/befs/linuxvfs.c
+++ linux-strlcpy/fs/befs/linuxvfs.c
@@ -381,8 +381,8 @@  befs_read_inode(struct inode *inode)
 	if (S_ISLNK(inode->i_mode) && !(befs_ino->i_flags & BEFS_LONG_SYMLINK)){
 		inode->i_size = 0;
 		inode->i_blocks = befs_sb->block_size / VFS_BLOCK_SIZE;
-		strncpy(befs_ino->i_data.symlink, raw_inode->data.symlink,
-			BEFS_SYMLINK_LEN);
+		strlcpy(befs_ino->i_data.symlink, raw_inode->data.symlink,
+			sizeof(befs_ino->i_data.symlink));
 	} else {
 		int num_blks;