Commit c2cba3d9 authored by Jim Meyering's avatar Jim Meyering Committed by Anthony Liguori
Browse files

block: avoid buffer overrun by using pstrcpy, not strncpy 



Also, use PATH_MAX, rather than the arbitrary 1024.
Using PATH_MAX is more consistent with other filename-related
variables in this file, like backing_filename and tmp_filename.

Acked-by: default avatarKevin Wolf <kwolf@redhat.com>
Signed-off-by: default avatarJim Meyering <meyering@redhat.com>
Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
parent bfad6739

block.c

+3 −2
Original line number Diff line number Diff line
@@ -1506,7 +1506,7 @@ int bdrv_commit(BlockDriverState *bs) 
    int n, ro, open_flags;

    int ret = 0;

    uint8_t *buf;

    char filename[1024];

    char filename[PATH_MAX];



    if (!drv)

        return -ENOMEDIUM;
@@ -1520,7 +1520,8 @@ int bdrv_commit(BlockDriverState *bs) 
    }



    ro = bs->backing_hd->read_only;

    strncpy(filename, bs->backing_hd->filename, sizeof(filename));

    /* Use pstrcpy (not strncpy): filename must be NUL-terminated. */

    pstrcpy(filename, sizeof(filename), bs->backing_hd->filename);

    open_flags =  bs->backing_hd->open_flags;



    if (ro) {