----- Original Message ----- > From: "Johannes Thumshirn" <[email protected]> > To: "Vasu Dev" <[email protected]>, [email protected] > Sent: Wednesday, June 15, 2016 10:47:41 AM > Subject: [Open-FCoE] [PATCH] fcoeadm: Fix possible buffer overflows > > Fix 3 possible buffer overflows when strncat()ing strings together. > > Signed-off-by: Johannes Thumshirn <[email protected]> > --- > fcoeadm_display.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/fcoeadm_display.c b/fcoeadm_display.c > index 16ccb6b..7b95aa4 100644 > --- a/fcoeadm_display.c > +++ b/fcoeadm_display.c > @@ -267,13 +267,13 @@ static void show_full_lun_info(unsigned int hba, > unsigned int port, > if (!port_attrs) > goto free_rport; > > - strncat(path, "/device/", sizeof(path)); > + strncat(path, "/device/", sizeof(path) - strlen(path) - 1); > > sa_sys_read_line(path, "rev", rev, sizeof(rev)); > sa_sys_read_line(path, "model", model, sizeof(model)); > sa_sys_read_line(path, "vendor", vendor, sizeof(vendor)); > > - strncat(path, "block", sizeof(path)); > + strncat(path, "block", sizeof(path) - strlen(path) - 1); > > dir = opendir(path); > if (!dir) > @@ -349,7 +349,7 @@ static void show_short_lun_info(unsigned int hba, > unsigned int port, > sa_sys_read_line(path, "model", model, sizeof(model)); > sa_sys_read_line(path, "vendor", vendor, sizeof(vendor)); > > - strncat(path, "block", sizeof(path)); > + strncat(path, "block", sizeof(path) - strlen(path) - 1); > > dir = opendir(path); > if (!dir) > -- > 2.8.4 > > _______________________________________________ > fcoe-devel mailing list > [email protected] > http://lists.open-fcoe.org/mailman/listinfo/fcoe-devel >
Looks correct to me, offset -1 to allow for string termination. Reviewed-by Laurence Oberman <[email protected]> _______________________________________________ fcoe-devel mailing list [email protected] http://lists.open-fcoe.org/mailman/listinfo/fcoe-devel
