d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

aacraid(4): Fix some mostly trivial buffer overruns

Browse Source 
strcpy(3) emits a trailing nul byte, trampling fields after the intended
destination.  Instead, use strncpy(3), intentionally leaving these fields
not nul-terminated.

Reported by:	Coverity
CIDs:		1031024, 1305463, 1305494, 1305545
Sponsored by:	EMC / Isilon Storage Division
This commit is contained in:
cem 2016-04-26 20:59:21 +00:00
parent b91af2a23d
commit eef3bca304
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/dev/aacraid/aacraid_cam.c
View File

@ -568,9 +568,11 @@ aac_container_special_command(struct cam_sim *sim, union ccb *ccb,
p->additional_length = 31;
p->flags = SID_WBus16|SID_Sync|SID_CmdQue;
/* OEM Vendor defines */
strcpy(p->vendor,"Adaptec ");
strcpy(p->product,"Array ");
strcpy(p->revision,"V1.0");
strncpy(p->vendor, "Adaptec ", sizeof(p->vendor));
strncpy(p->product, "Array ",
sizeof(p->product));
strncpy(p->revision, "V1.0",
sizeof(p->revision));
}
} else {
if (inq->page_code == SVPD_SUPPORTED_PAGE_LIST) {