From 87788a273e6026fb125e0a73d8a9034a32a2e2dc Mon Sep 17 00:00:00 2001
From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Date: Sun, 17 May 2015 00:26:06 +0530
Subject: features/changelog: fix buffer overrun in changelog-helpers

changelog-helpers.c:1911:17: warning: Size argument is greater than the free
space in the destination buffer strncat (result, pre_dir_name, PATH_MAX);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

changelog-helpers.c:1919:17: warning: Size argument is greater than the free
space in the destination buffer strncat (result, bname, PATH_MAX);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Backport of:
> Change-Id: I60ca7fe762f07cb72fe7b69f0253835becaff7b9
> BUG: 1222238
> Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
> Reviewed-on: http://review.gluster.org/10802
> Tested-by: NetBSD Build System <jenkins@build.gluster.org>
> Reviewed-by: Venky Shankar <vshankar@redhat.com>
> (cherry picked from commit 09530dfd822c8c3cc8da20a4600b5d2aec1ebf9d)

Change-Id: I46e1bf48b62f95e21f6615ac4afc22032f16f5a2
BUG:1252057
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/12494
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
---
 xlators/features/changelog/src/changelog-helpers.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'xlators/features/changelog/src')

diff --git a/xlators/features/changelog/src/changelog-helpers.c b/xlators/features/changelog/src/changelog-helpers.c
index 144bf542186..73963779418 100644
--- a/xlators/features/changelog/src/changelog-helpers.c
+++ b/xlators/features/changelog/src/changelog-helpers.c
@@ -1904,17 +1904,15 @@ resolve_pargfid_to_path (xlator_t *this, uuid_t pargfid,
                                      &saveptr);
                 dir_name = strtok_r (NULL, "/", &saveptr);
 
-                strncpy (result, dir_name, PATH_MAX);
-                strncat (result, "/", 1);
-                strncat (result, pre_dir_name, PATH_MAX);
-                strncpy (pre_dir_name, result, PATH_MAX);
+                snprintf (result, PATH_MAX, "%s/%s", dir_name, pre_dir_name);
+                strncpy (pre_dir_name, result, sizeof(pre_dir_name));
 
                 gf_uuid_parse (pgfidstr, tmp_gfid);
                 gf_uuid_copy (pargfid, tmp_gfid);
         }
 
         if (bname)
-                strncat (result, bname, PATH_MAX);
+                strncat (result, bname, strlen(bname) + 1);
 
         *path = gf_strdup (result);
 
-- 
cgit