From 783e08a4e5f6769f7ebd2f3e43ca4ccfab003e8b Mon Sep 17 00:00:00 2001

From: Sergei Antonov <saproj@gmail.com>

Date: Fri, 3 Jul 2015 00:21:23 +0200

Subject: [PATCH 66/75] mac: copy partition type and name correctly

Use strncpy() instead of strcpy() to copy partition name and type.

This prevents possible buffer overflow, because the source string

occupies up to 33 bytes with a terminating null.

Static analysis tools complain about the code as it is now:

  Function: _generate_raw_part

  Destination buffer too small

  string_overflow: You might overrun the 32 byte destination string

  part_map_entry->type by writing 33 bytes from mac_part_data->system_name

  (Destination buffer too small, line 933)

Cc: Sabas Rosales, Blanca E <blanca.e.sabas.rosales@intel.com>

Signed-off-by: Sergei Antonov <saproj@gmail.com>

Signed-off-by: Brian C. Lane <bcl@brianlane.com>

(cherry picked from commit 282e25e0384e8d1275ccacf904fdaf65f1d4a8af)

---

 libparted/labels/mac.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libparted/labels/mac.c b/libparted/labels/mac.c

index 1034418..d8da941 100644

--- a/libparted/labels/mac.c

+++ b/libparted/labels/mac.c

@@ -930,8 +930,8 @@ _generate_raw_part (PedDisk* disk, PedPartition* part,

 		= PED_CPU_TO_BE32 (mac_disk_data->last_part_entry_num);

 	part_map_entry->start_block = PED_CPU_TO_BE32 (part->geom.start);

 	part_map_entry->block_count = PED_CPU_TO_BE32 (part->geom.length);

-	strcpy (part_map_entry->name, mac_part_data->volume_name);

-	strcpy (part_map_entry->type, mac_part_data->system_name);

+	strncpy (part_map_entry->name, mac_part_data->volume_name, 32);

+	strncpy (part_map_entry->type, mac_part_data->system_name, 32);

 	if (mac_part_data->is_driver) {

 		mac_part_data->boot_region_length = part->geom.length;

-- 

2.9.3