From 528d94380bb9e45ebc4f09d532085476f87f32cc Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Tue, 19 Jun 2012 12:30:21 +0200 Subject: glusterd-rpc-ops: avoid buffer overrun for over-long key strncpy explicitly does not NUL-terminate when source string has length >= the length specified via strncpy's 3rd argument. Assuming strncpy is justified (i.e., that it may truncate), be sure to NUL-terminate its destination buffer. Change-Id: Ia67bf136cdfae6d9850f673923c01baa3cdef9d8 BUG: 789278 Signed-off-by: Jim Meyering Reviewed-on: http://review.gluster.com/3592 Tested-by: Gluster Build System Reviewed-by: Anand Avati --- xlators/mgmt/glusterd/src/glusterd-rpc-ops.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'xlators/mgmt') diff --git a/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c b/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c index 240f808fe..cbe4c05da 100644 --- a/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c +++ b/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c @@ -1033,8 +1033,10 @@ glusterd_volume_status_add_peer_rsp (dict_t *this, char *key, data_t *value, if (index > rsp_ctx->brick_index_max) { snprintf (new_key, sizeof (new_key), "brick%d.%s", index + rsp_ctx->other_count, brick_key); - } else + } else { strncpy (new_key, key, sizeof (new_key)); + new_key[sizeof (new_key) - 1] = 0; + } ret = dict_set (rsp_ctx->dict, new_key, new_value); if (ret) -- cgit