From 63d24336fd1aad81a4bdefb11d8c487cee5f88a0 Mon Sep 17 00:00:00 2001
From: Jessica Clarke
Date: Thu, 28 Oct 2021 01:01:00 +0100
Subject: [PATCH] Fix off-by-one error in msdosfs FAT32 volume label copying
I dropped the + 1 from the other two instances in each file but failed to do so for this one, resulting in a more egregious buffer overread than the one I was fixing (since the read character ended up in the output if there was space).
Reported by: Jenkins
Fixes: 34fb1c133c5b ("Fix intra-object buffer overread for labeled msdosfs volumes")
---
 sys/geom/label/g_label_msdosfs.c | 2 +-
 usr.sbin/fstyp/msdosfs.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/geom/label/g_label_msdosfs.c b/sys/geom/label/g_label_msdosfs.c
index 2ba35ff80f51..06d5f2a8e0f0 100644
--- a/sys/geom/label/g_label_msdosfs.c
+++ b/sys/geom/label/g_label_msdosfs.c
@@ -136,7 +136,7 @@ g_label_msdosfs_taste(struct g_consumer *cp, char *label, size_t size)
 if (strncmp(pfat32_bsbpb->BS_VolLab, LABEL_NO_NAME,
 sizeof(pfat32_bsbpb->BS_VolLab)) != 0) {
 copysize = MIN(size - 1,
- sizeof(pfat32_bsbpb->BS_VolLab) + 1);
+ sizeof(pfat32_bsbpb->BS_VolLab));
 memcpy(label, pfat32_bsbpb->BS_VolLab, copysize);
 label[copysize] = '\0';
 goto endofchecks;
diff --git a/usr.sbin/fstyp/msdosfs.c b/usr.sbin/fstyp/msdosfs.c
index ce745869edba..47d2383fbc8f 100644
--- a/usr.sbin/fstyp/msdosfs.c
+++ b/usr.sbin/fstyp/msdosfs.c
@@ -104,7 +104,7 @@ fstyp_msdosfs(FILE *fp, char *label, size_t size)
 if (strncmp(pfat32_bsbpb->BS_VolLab, LABEL_NO_NAME,
 sizeof(pfat32_bsbpb->BS_VolLab)) != 0) {
 copysize = MIN(size - 1,
- sizeof(pfat32_bsbpb->BS_VolLab) + 1);
+ sizeof(pfat32_bsbpb->BS_VolLab));
 memcpy(label, pfat32_bsbpb->BS_VolLab, copysize);
 label[copysize] = '\0';
 goto endofchecks;
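Review bot: The bound `MIN(size - 1, sizeof(pfat32_bsbpb->BS_VolLab))` subtracts from a `size_t`, so if a caller ever passed `size == 0` the subtraction would wrap, `MIN` would select the full field width, and both `memcpy` and `label[copysize] = '\0'` would write past an empty buffer. The function body starts and ends outside the hunk and the callers are not visible, so this may already be guaranteed; if it is not checked earlier, state the precondition at function entry, e.g. `KASSERT(size > 0, ("%s: empty label buffer", __func__));` in `g_label_msdosfs_taste`. The same expression is in the `usr.sbin/fstyp/msdosfs.c` hunk, where `assert(size > 0);` in `fstyp_msdosfs` would serve. Since the label bytes come from the on-disk boot sector and the description says one of three copies of this bound was missed, a short comment at each site such as `/* BS_VolLab is fixed-width, not NUL-terminated: never read more than sizeof */` would help keep the copies in step.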