RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-03-31 16:25:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

osd/ClassHandler.cc: fix STRING_OVERFLOW

Browse Source 
CID 1058792 ( of 1): Copy into fixed size buffer (STRING_OVERFLOW)
 fixed_size_dest: You might overrun the 4097 byte fixed-size string
 cname by copying &pde->d_name[8UL] - 1 without checking the length.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
This commit is contained in:
Danny Al-Gaaf 2015-05-05 14:38:04 +02:00
parent 0a45a7a19e
commit f5ae56b57c
1 changed files with 1 additions and 1 deletions

2
src/osd/ClassHandler.cc
View File

@ -56,7 +56,7 @@ int ClassHandler::open_all_classes()
strncmp(pde->d_name, CLS_PREFIX, sizeof(CLS_PREFIX) - 1) == 0 &&
strcmp(pde->d_name + strlen(pde->d_name) - (sizeof(CLS_SUFFIX) - 1), CLS_SUFFIX) == 0) {
char cname[PATH_MAX + 1];
strcpy(cname, pde->d_name + sizeof(CLS_PREFIX) - 1);
strncpy(cname, pde->d_name + sizeof(CLS_PREFIX) - 1, sizeof(cname) -1);
cname[strlen(cname) - (sizeof(CLS_SUFFIX) - 1)] = '\0';
dout(10) << __func__ << " found " << cname << dendl;
ClassData *cls;