From patchwork Wed Oct 24 08:24:02 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rock Lee X-Patchwork-Id: 1636381 Return-Path: X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork1.kernel.org (Postfix) with ESMTP id 94D423FCF7 for ; Wed, 24 Oct 2012 08:24:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933550Ab2JXIYv (ORCPT ); Wed, 24 Oct 2012 04:24:51 -0400 Received: from m53-178.qiye.163.com ([123.58.178.53]:40681 "EHLO m53-178.qiye.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933529Ab2JXIYt (ORCPT ); Wed, 24 Oct 2012 04:24:49 -0400 Received: from mail-lb0-f174.google.com (mail-lb0-f174.google.com [209.85.217.174]) by m53-178.qiye.163.com (HMail) with ESMTPA id E4B6112284C5 for ; Wed, 24 Oct 2012 16:24:45 +0800 (CST) Received: by mail-lb0-f174.google.com with SMTP id n3so897335lbo.19 for ; Wed, 24 Oct 2012 01:24:42 -0700 (PDT) Received: by 10.152.124.201 with SMTP id mk9mr13865147lab.33.1351067082784; Wed, 24 Oct 2012 01:24:42 -0700 (PDT) MIME-Version: 1.0 Received: by 10.152.36.73 with HTTP; Wed, 24 Oct 2012 01:24:02 -0700 (PDT) From: Rock Lee Date: Wed, 24 Oct 2012 16:24:02 +0800 Message-ID: Subject: [BUG][PATCH][BTRFS-PROGS] Bug overflow fix To: linux-btrfs@vger.kernel.org X-HM-Spam-Status: e1koWUFPN1dZCBgUCR5ZQUpVTk9CQkJCQk5JSEpNSUNPSVdZCQ4XHghZQVkoKz0kKzooKCQyNSQz Pjo*PilBS1VLQDYjJCI#KCQyNSQzPjo*PilBS1VLQCsvKSQiPigkMjUkMz46Pz4pQUtVS0A4NC41 LykiJC4oQUtVS0ApPjwyNDUkNTQpLzMkOjY#KTI4OkFLVUtAPyI1OjYyOCQyKyQ1NCQyNSQzPjo* PilBS1VLQDIrJEokNjI1Li8#JDg1LyRLJEpLQUtVS0AyKyRISyQ2MjUuLz4kODUvJEskTktBS1VL QDIrJE4kNjI1Li8#JDg1LyRLJEpLQUtVS0AyKyQvND86IiQ4NS8kSyRKS0tBS1VLQDIrJEokMzQu KSQ4NS8kSyRKS0tBS1VLQCguOSQ#QUpVTk5ZBg++ X-HM-Sender-Digest: e1kSHx4VD1lBWUc6NDo6Hyo*HjozIko9Ky4KHjAdCjwKFFZVSlVKSE5KS01MS0NOTktJVTMWGhIX VQESFhIXFDsYFB8eVg8JEhgQVRgUFkVZV1kMHhlZQR0aFwgeBg++ Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org If there's is a long name directory exists in the /dev, then an overflow will hit in function utils.c btrfs_scan_one_dir:1013! The minimal fix is to use snprintf instead of strcpy. The reason why not using strncpy is that, if there is no null byte among the first n bytes of src, the string placed in dest will not be null - terminated. Signed-off-by: Rock Lee --- utils.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/utils.c b/utils.c index 3c88d2e..7200aef 100644 --- a/utils.c +++ b/utils.c @@ -969,7 +969,7 @@ int btrfs_scan_one_dir(char *dirname, int run_ioctl) pending = malloc(sizeof(*pending)); if (!pending) return -ENOMEM; - strcpy(pending->name, dirname); + snprintf(pending->name, sizeof(pending->name), "%s", dirname); again: dirname_len = strlen(pending->name); @@ -1010,7 +1010,8 @@ again: ret = -ENOMEM; goto fail; } - strcpy(next->name, fullpath); + snprintf(next->name, sizeof(next->name), + "%s", fullpath); list_add_tail(&next->list, &pending_list); } if (!S_ISBLK(st.st_mode)) {