From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jan Pokorný Date: Thu, 11 Oct 2012 16:21:05 +0200 Subject: [Cluster-devel] [PATCH 1/3] libcman: fix possible string nontermination: node name In-Reply-To: <1349965267-2261-1-git-send-email-jpokorny@redhat.com> References: <1349965267-2261-1-git-send-email-jpokorny@redhat.com> Message-ID: <1349965267-2261-2-git-send-email-jpokorny@redhat.com> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Haven't tested it, but it seems that if node.cn_name has 254 non-null bytes (should be otherwise perfectly valid, actual characters number may vary due to utf-8), it will pester later in the processing due to not being null-terminated (depends whether 255th byte being accidentally zero), strcmp in find_node_by_name being the first troublesome place in row. After this change and taking preceding condition into account, the situation should be safe. Signed-off-by: Jan Pokorný --- cman/lib/libcman.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cman/lib/libcman.c b/cman/lib/libcman.c index 6ed8ecb..012047d 100644 --- a/cman/lib/libcman.c +++ b/cman/lib/libcman.c @@ -685,7 +685,7 @@ int cman_get_node(cman_handle_t handle, int nodeid, cman_node_t *node) } cman_node.node_id = nodeid; - strncpy(cman_node.name, node->cn_name, sizeof(cman_node.name) - 1); + strncpy(cman_node.name, node->cn_name, sizeof(cman_node.name)); status = info_call(h, CMAN_CMD_GETNODE, &cman_node, sizeof(struct cl_cluster_node), &cman_node, sizeof(struct cl_cluster_node)); if (status < 0) -- 1.7.11.4
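Review bot: The new strncpy call in cman_get_node uses sizeof(cman_node.name) as its bound, and strncpy writes no terminator when the source holds that many or more non-null bytes, so termination of cman_node.name now rests entirely on the "preceding condition" the commit message refers to, which lies outside this hunk's context. With the full-size bound the destination is zero-padded only when strlen(node->cn_name) is strictly less than sizeof(cman_node.name), so it is worth confirming that the earlier check rejects a name of exactly sizeof(cman_node.name) bytes and not only longer ones. I would make the guarantee local rather than implied: keep the bound at sizeof(cman_node.name) - 1 and follow the copy with `cman_node.name[sizeof(cman_node.name) - 1] = '\0';`, which holds regardless of how cman_node was initialised or whether the length check is changed later. Failing that, a short comment above the strncpy naming the check it depends on would help the next reader. The message also says the change was not tested; a case with a cn_name at the maximum accepted length, passed through to the strcmp in find_node_by_name, would cover the boundary described.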