From 531eb00aaa03f448cdb3f0c647db7f8d4544c50a Mon Sep 17 00:00:00 2001

From: "Brian C. Lane" <bcl@redhat.com>

Date: Mon, 23 Jul 2018 14:34:30 -0700

Subject: [PATCH 84/88] Fix the length of several strncpy calls

These need to be 1 less than the allocated size of the buffer, strncpy

will fill shorter strings with zeros, but there needs to be room for at

least one 0x00 at the end if the string is the same length as the buffer

and has no terminating 0x00.

Related: rhbz#1602652

---

 libparted/arch/linux.c | 12 ++++++++----

 libparted/labels/mac.c |  9 ++++++---

 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/libparted/arch/linux.c b/libparted/arch/linux.c

index 1c26b8c..dd4820d 100644

--- a/libparted/arch/linux.c

+++ b/libparted/arch/linux.c

@@ -2571,9 +2571,12 @@ _blkpg_add_partition (PedDisk* disk, const PedPartition *part)

                 linux_part.length = part->geom.length * disk->dev->sector_size;

         }

         linux_part.pno = part->num;

-        strncpy (linux_part.devname, dev_name, BLKPG_DEVNAMELTH);

-        if (vol_name)

-                strncpy (linux_part.volname, vol_name, BLKPG_VOLNAMELTH);

+        strncpy (linux_part.devname, dev_name, BLKPG_DEVNAMELTH-1);

+        linux_part.devname[BLKPG_DEVNAMELTH-1] = '\0';

+        if (vol_name) {

+                strncpy (linux_part.volname, vol_name, BLKPG_VOLNAMELTH-1);

+                linux_part.volname[BLKPG_VOLNAMELTH-1] = '\0';

+        }

         free (dev_name);

@@ -2629,7 +2632,8 @@ static int _blkpg_resize_partition (PedDisk* disk, const PedPartition *part)

         else

                 linux_part.length = part->geom.length * disk->dev->sector_size;

         linux_part.pno = part->num;

-        strncpy (linux_part.devname, dev_name, BLKPG_DEVNAMELTH);

+        strncpy (linux_part.devname, dev_name, BLKPG_DEVNAMELTH-1);

+        linux_part.devname[BLKPG_DEVNAMELTH-1] = '\0';

         free (dev_name);

diff --git a/libparted/labels/mac.c b/libparted/labels/mac.c

index fa4e43f..4942c82 100644

--- a/libparted/labels/mac.c

+++ b/libparted/labels/mac.c

@@ -930,8 +930,10 @@ _generate_raw_part (PedDisk* disk, PedPartition* part,

 		= PED_CPU_TO_BE32 (mac_disk_data->last_part_entry_num);

 	part_map_entry->start_block = PED_CPU_TO_BE32 (part->geom.start);

 	part_map_entry->block_count = PED_CPU_TO_BE32 (part->geom.length);

-	strncpy (part_map_entry->name, mac_part_data->volume_name, 32);

-	strncpy (part_map_entry->type, mac_part_data->system_name, 32);

+	strncpy (part_map_entry->name, mac_part_data->volume_name, 31);

+	part_map_entry->name[31] = '\0';

+	strncpy (part_map_entry->type, mac_part_data->system_name, 31);

+	part_map_entry->type[31] = '\0';

 	if (mac_part_data->is_driver) {

 		if (mac_part_data->has_driver)

@@ -954,7 +956,8 @@ _generate_raw_part (PedDisk* disk, PedPartition* part,

 	part_map_entry->boot_cksum =

 		PED_CPU_TO_BE32 (mac_part_data->boot_checksum);

-	strncpy (part_map_entry->processor, mac_part_data->processor_name, 16);

+	strncpy (part_map_entry->processor, mac_part_data->processor_name, 15);

+	part_map_entry->processor[15] = '\0';

 	if (!_pad_raw_part (disk, part->num, part_map))

 		goto error;

-- 

2.17.1