From eef3bca304a459dc1be56ef13cdbe60e896d3935 Mon Sep 17 00:00:00 2001
From: cem <cem@FreeBSD.org>
Date: Tue, 26 Apr 2016 20:59:21 +0000
Subject: [PATCH] aacraid(4): Fix some mostly trivial buffer overruns

strcpy(3) emits a trailing nul byte, trampling fields after the intended
destination.  Instead, use strncpy(3), intentionally leaving these fields
not nul-terminated.

Reported by:	Coverity
CIDs:		1031024, 1305463, 1305494, 1305545
Sponsored by:	EMC / Isilon Storage Division
---
 sys/dev/aacraid/aacraid_cam.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/dev/aacraid/aacraid_cam.c b/sys/dev/aacraid/aacraid_cam.c
index 922673f1c183..394b67d725f8 100644
--- a/sys/dev/aacraid/aacraid_cam.c
+++ b/sys/dev/aacraid/aacraid_cam.c
@@ -568,9 +568,11 @@ aac_container_special_command(struct cam_sim *sim, union ccb *ccb,
 				p->additional_length = 31;
 				p->flags = SID_WBus16|SID_Sync|SID_CmdQue;
 				/* OEM Vendor defines */
-				strcpy(p->vendor,"Adaptec ");
-				strcpy(p->product,"Array           ");
-				strcpy(p->revision,"V1.0");
+				strncpy(p->vendor, "Adaptec ", sizeof(p->vendor));
+				strncpy(p->product, "Array           ",
+				    sizeof(p->product));
+				strncpy(p->revision, "V1.0",
+				    sizeof(p->revision));
 			}	
 		} else {
 			if (inq->page_code == SVPD_SUPPORTED_PAGE_LIST) {