[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-trivial] [PATCH] hw/9pfs/virtio-9p-proxy: Fix possible overflow
From: |
Shannon Zhao |
Subject: |
[Qemu-trivial] [PATCH] hw/9pfs/virtio-9p-proxy: Fix possible overflow |
Date: |
Fri, 13 Mar 2015 19:09:16 +0800 |
It's detected by coverity. As max of sockaddr_un.sun_path is
sizeof(helper.sun_path), should check the length of source
and use strncpy instead of strcpy.
Signed-off-by: Shannon Zhao <address@hidden>
Signed-off-by: Shannon Zhao <address@hidden>
---
hw/9pfs/virtio-9p-proxy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/9pfs/virtio-9p-proxy.c b/hw/9pfs/virtio-9p-proxy.c
index 59c7445..fb1ab7b 100644
--- a/hw/9pfs/virtio-9p-proxy.c
+++ b/hw/9pfs/virtio-9p-proxy.c
@@ -1102,12 +1102,13 @@ static int connect_namedsocket(const char *path)
int sockfd, size;
struct sockaddr_un helper;
+ g_assert(strlen(path) < sizeof(helper.sun_path));
sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
if (sockfd < 0) {
fprintf(stderr, "failed to create socket: %s\n", strerror(errno));
return -1;
}
- strcpy(helper.sun_path, path);
+ strncpy(helper.sun_path, path, sizeof(helper.sun_path));
helper.sun_family = AF_UNIX;
size = strlen(helper.sun_path) + sizeof(helper.sun_family);
if (connect(sockfd, (struct sockaddr *)&helper, size) < 0) {
--
1.8.3.1
- [Qemu-trivial] [PATCH] hw/9pfs/virtio-9p-proxy: Fix possible overflow,
Shannon Zhao <=