|
 |
003ee8 |
From 783e08a4e5f6769f7ebd2f3e43ca4ccfab003e8b Mon Sep 17 00:00:00 2001
|
|
|
003ee8 |
From: Sergei Antonov <saproj@gmail.com>
|
|
|
003ee8 |
Date: Fri, 3 Jul 2015 00:21:23 +0200
|
|
|
003ee8 |
Subject: [PATCH 66/75] mac: copy partition type and name correctly
|
|
|
003ee8 |
|
|
|
003ee8 |
Use strncpy() instead of strcpy() to copy partition name and type.
|
|
|
003ee8 |
This prevents possible buffer overflow, because the source string
|
|
|
003ee8 |
occupies up to 33 bytes with a terminating null.
|
|
|
003ee8 |
|
|
|
003ee8 |
Static analysis tools complain about the code as it is now:
|
|
|
003ee8 |
Function: _generate_raw_part
|
|
|
003ee8 |
Destination buffer too small
|
|
|
003ee8 |
string_overflow: You might overrun the 32 byte destination string
|
|
|
003ee8 |
part_map_entry->type by writing 33 bytes from mac_part_data->system_name
|
|
|
003ee8 |
(Destination buffer too small, line 933)
|
|
|
003ee8 |
|
|
|
003ee8 |
Cc: Sabas Rosales, Blanca E <blanca.e.sabas.rosales@intel.com>
|
|
|
003ee8 |
Signed-off-by: Sergei Antonov <saproj@gmail.com>
|
|
|
003ee8 |
Signed-off-by: Brian C. Lane <bcl@brianlane.com>
|
|
|
003ee8 |
(cherry picked from commit 282e25e0384e8d1275ccacf904fdaf65f1d4a8af)
|
|
|
003ee8 |
---
|
|
|
003ee8 |
libparted/labels/mac.c | 4 ++--
|
|
|
003ee8 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
003ee8 |
|
|
|
003ee8 |
diff --git a/libparted/labels/mac.c b/libparted/labels/mac.c
|
|
|
003ee8 |
index 1034418..d8da941 100644
|
|
|
003ee8 |
--- a/libparted/labels/mac.c
|
|
|
003ee8 |
+++ b/libparted/labels/mac.c
|
|
|
003ee8 |
@@ -930,8 +930,8 @@ _generate_raw_part (PedDisk* disk, PedPartition* part,
|
|
|
003ee8 |
= PED_CPU_TO_BE32 (mac_disk_data->last_part_entry_num);
|
|
|
003ee8 |
part_map_entry->start_block = PED_CPU_TO_BE32 (part->geom.start);
|
|
|
003ee8 |
part_map_entry->block_count = PED_CPU_TO_BE32 (part->geom.length);
|
|
|
003ee8 |
- strcpy (part_map_entry->name, mac_part_data->volume_name);
|
|
|
003ee8 |
- strcpy (part_map_entry->type, mac_part_data->system_name);
|
|
|
003ee8 |
+ strncpy (part_map_entry->name, mac_part_data->volume_name, 32);
|
|
|
003ee8 |
+ strncpy (part_map_entry->type, mac_part_data->system_name, 32);
|
|
|
003ee8 |
|
|
|
003ee8 |
if (mac_part_data->is_driver) {
|
|
|
003ee8 |
mac_part_data->boot_region_length = part->geom.length;
|
|
|
003ee8 |
--
|
|
|
003ee8 |
2.9.3
|
|
|
003ee8 |
|