block: avoid buffer overrun by using pstrcpy, not strncpy Also, use PATH_MAX, rather than the arbitrary 1024. Using PATH_MAX is more consistent with other filename-related variables in this file, like backing_filename and tmp_filename. Acked-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
diff --git a/block.c b/block.c index c108a76..e95f613 100644 --- a/block.c +++ b/block.c
@@ -1506,7 +1506,7 @@ int n, ro, open_flags; int ret = 0; uint8_t *buf; - char filename[1024]; + char filename[PATH_MAX]; if (!drv) return -ENOMEDIUM; @@ -1520,7 +1520,8 @@ } ro = bs->backing_hd->read_only; - strncpy(filename, bs->backing_hd->filename, sizeof(filename)); + /* Use pstrcpy (not strncpy): filename must be NUL-terminated. */ + pstrcpy(filename, sizeof(filename), bs->backing_hd->filename); open_flags = bs->backing_hd->open_flags; if (ro) {