diff options
| author | Jens Axboe <axboe@fb.com> | 2015-01-05 08:47:01 -0700 |
|---|---|---|
| committer | Mohamad Ayyash <mkayyash@google.com> | 2015-03-06 17:58:12 -0800 |
| commit | 75289eeb81db9a8f85285f2d62b74c506960678c (patch) | |
| tree | b110e635e8d6e44a70a6880184ed19d9d02de38d | |
| parent | 12585bc837f66f6311431f16ae19cd6d13c300ae (diff) | |
| download | fio-75289eeb81db9a8f85285f2d62b74c506960678c.tar.gz | |
client: fix potential buffer overrun in server name copy
Not an issue right now since pdu.server is larger than the buffer,
but that could change at some point. Better be safe.
Signed-off-by: Jens Axboe <axboe@fb.com>
| -rw-r--r-- | client.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -380,6 +380,7 @@ static const char *server_name(struct fio_client *client, char *buf, static void probe_client(struct fio_client *client) { struct cmd_client_probe_pdu pdu; + const char *sname; uint64_t tag; char buf[64]; @@ -391,7 +392,9 @@ static void probe_client(struct fio_client *client) pdu.flags = 0; #endif - strcpy((char *) pdu.server, server_name(client, buf, sizeof(buf))); + sname = server_name(client, buf, sizeof(buf)); + memset(pdu.server, 0, sizeof(pdu.server)); + strncpy((char *) pdu.server, sname, sizeof(pdu.server) - 1); fio_net_send_cmd(client->fd, FIO_NET_CMD_PROBE, &pdu, sizeof(pdu), &tag, &client->cmd_list); } |