[07/11] nfsdcld: Don't copy more data than exists in column
diff mbox series

Message ID 20200718092421.31691-8-nazard@nazar.ca
State New
Headers show
Series
  • nfs-utils: Misc cleanups & fixes
Related show

Commit Message

Doug Nazar July 18, 2020, 9:24 a.m. UTC
Found with valgrind.

Signed-off-by: Doug Nazar <nazard@nazar.ca>
---
 utils/nfsdcld/sqlite.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

Patch
diff mbox series

diff --git a/utils/nfsdcld/sqlite.c b/utils/nfsdcld/sqlite.c
index 8fd1d0c2..03016fb9 100644
--- a/utils/nfsdcld/sqlite.c
+++ b/utils/nfsdcld/sqlite.c
@@ -1330,20 +1330,26 @@  sqlite_iterate_recovery(int (*cb)(struct cld_client *clnt), struct cld_client *c
 	}
 
 	while ((ret = sqlite3_step(stmt)) == SQLITE_ROW) {
+		const void *id;
+		int id_len;
+
+		id = sqlite3_column_blob(stmt, 0);
+		id_len = sqlite3_column_bytes(stmt, 0);
+		if (id_len > NFS4_OPAQUE_LIMIT)
+			id_len = NFS4_OPAQUE_LIMIT;
+
 		memset(&cmsg->cm_u, 0, sizeof(cmsg->cm_u));
 #if UPCALL_VERSION >= 2
-		memcpy(&cmsg->cm_u.cm_clntinfo.cc_name.cn_id,
-			sqlite3_column_blob(stmt, 0), NFS4_OPAQUE_LIMIT);
-		cmsg->cm_u.cm_clntinfo.cc_name.cn_len = sqlite3_column_bytes(stmt, 0);
+		memcpy(&cmsg->cm_u.cm_clntinfo.cc_name.cn_id, id, id_len);
+		cmsg->cm_u.cm_clntinfo.cc_name.cn_len = id_len;
 		if (sqlite3_column_bytes(stmt, 1) > 0) {
 			memcpy(&cmsg->cm_u.cm_clntinfo.cc_princhash.cp_data,
 				sqlite3_column_blob(stmt, 1), SHA256_DIGEST_SIZE);
 			cmsg->cm_u.cm_clntinfo.cc_princhash.cp_len = sqlite3_column_bytes(stmt, 1);
 		}
 #else
-		memcpy(&cmsg->cm_u.cm_name.cn_id, sqlite3_column_blob(stmt, 0),
-			NFS4_OPAQUE_LIMIT);
-		cmsg->cm_u.cm_name.cn_len = sqlite3_column_bytes(stmt, 0);
+		memcpy(&cmsg->cm_u.cm_name.cn_id, id, id_len);
+		cmsg->cm_u.cm_name.cn_len = id_len;
 #endif
 		cb(clnt);
 	}