From 7616738176f44cce8b6cfb0e1f65be8e1dc72f49 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Tue, 31 Mar 2015 09:56:35 +0200
Subject: libgfdb: fix possible illegal memory access (CID 1288820)

Coverity CID 1288820

strncpy executed with a limit equal to the target array
size potentially leaves the target string not null terminated.
Make sure the copied string is a valid 0 terminated string.

Change-Id: I39ff6a64ca5b9e30562226dd34c5b06267b75b87
BUG: 789278
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-on: http://review.gluster.org/10063
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Poornima G <pgurusid@redhat.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Joseph Fernandes <josferna@redhat.com>
Tested-by: Joseph Fernandes <josferna@redhat.com>
---
 libglusterfs/src/gfdb/gfdb_sqlite3.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libglusterfs/src/gfdb/gfdb_sqlite3.c b/libglusterfs/src/gfdb/gfdb_sqlite3.c
index fa654840803..1bfeb811f6b 100644
--- a/libglusterfs/src/gfdb/gfdb_sqlite3.c
+++ b/libglusterfs/src/gfdb/gfdb_sqlite3.c
@@ -418,7 +418,8 @@ gf_sqlite3_init (dict_t *args, void **db_conn) {
         temp_str = NULL;
         GET_DB_PARAM_FROM_DICT(GFDB_STR_SQLITE3, args,
                         GFDB_SQL_PARAM_DBPATH, temp_str, out);
-        strncpy(sql_conn->sqlite3_db_path, temp_str, PATH_MAX);
+        strncpy(sql_conn->sqlite3_db_path, temp_str, PATH_MAX-1);
+        sql_conn->sqlite3_db_path[PATH_MAX-1] = 0;
 
         is_dbfile_exist = (stat (sql_conn->sqlite3_db_path, &stbuf) == 0) ?
                                                 _gf_true : _gf_false;
-- 
cgit