Haven't tested it, but it seems that if node.cn_name has 254 non-null
bytes (should be otherwise perfectly valid, actual number of characters
may vary due to UTF-8), it will pester later in the processing due
to not being null-terminated (depends on whether the 255th byte is
accidentally zero), strcmp in find_node_by_name being the first
troublesome place in a row.

After this change and taking preceding condition into account,
the situation should be safe.

Signed-off-by: Jan Pokorný <[email protected]>
---
 cman/lib/libcman.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cman/lib/libcman.c b/cman/lib/libcman.c
index 6ed8ecb..012047d 100644
--- a/cman/lib/libcman.c
+++ b/cman/lib/libcman.c
@@ -685,7 +685,7 @@ int cman_get_node(cman_handle_t handle, int nodeid, 
cman_node_t *node)
        }
 
        cman_node.node_id = nodeid;
-       strncpy(cman_node.name, node->cn_name, sizeof(cman_node.name) - 1);
+       strncpy(cman_node.name, node->cn_name, sizeof(cman_node.name));
        status = info_call(h, CMAN_CMD_GETNODE, &cman_node, sizeof(struct 
cl_cluster_node),
                           &cman_node, sizeof(struct cl_cluster_node));
        if (status < 0)
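Review bot: the `+` strncpy line only leaves cman_node.name NUL-terminated when strlen(node->cn_name) is smaller than sizeof(cman_node.name); with the bound raised to the full buffer size, a source of that length or longer fills the buffer with no terminator. The commit message relies on a preceding condition that is not within this hunk's context lines, so the guarantee is not checkable here. Either add a short comment above the call naming that check, or make the termination local with `cman_node.name[sizeof(cman_node.name) - 1] = '\0';` right after the copy, so a later change to the earlier check cannot silently reintroduce the unterminated string that info_call and later string comparisons would read.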
-- 
1.7.11.4
