diff options
| author | Christian Marangi | 2024-01-22 00:41:24 +0000 |
|---|---|---|
| committer | Christian Marangi | 2024-01-22 00:45:32 +0000 |
| commit | 08cd7083cac4bddf88459efa0881ee52858e7d0a (patch) | |
| tree | bf9d436a757b023f13bbb765801c6593995aa34c | |
| parent | 2171f62615569bace6e53617480d8f233f8f3b94 (diff) | |
| download | fstools-08cd7083cac4bddf88459efa0881ee52858e7d0a.tar.gz | |
libfstools: fit: improve fit_volume_find string handling
While string are hardcoded and it's impossible to overflow it, make the
string handling more secure to mute Coverity Scan report by using
strncpy and adding a define for the max size of the DEVPATHSTR.
Fix Coverity Scan CID 1586643: Security best practices violations
(STRING_OVERFLOW).
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
| -rw-r--r-- | libfstools/fit.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libfstools/fit.c b/libfstools/fit.c index b0da854..a8f0c66 100644 --- a/libfstools/fit.c +++ b/libfstools/fit.c @@ -3,6 +3,7 @@ #include "common.h" #define BUFLEN 64 +#define DEVPATHSTR_SIZE 15 static const char *const fit0 = "/dev/fit0"; static const char *const fitrw = "/dev/fitrw"; @@ -15,7 +16,7 @@ struct devpath { struct fit_volume { struct volume v; union { - char devpathstr[16]; + char devpathstr[DEVPATHSTR_SIZE+1]; struct devpath devpath; } dev; }; @@ -79,7 +80,7 @@ static struct volume *fit_volume_find(char *name) if (!p) return NULL; - strcpy(p->dev.devpathstr, fname); + strncpy(p->dev.devpathstr, fname, DEVPATHSTR_SIZE); p->v.drv = &fit_driver; p->v.blk = p->dev.devpathstr; p->v.name = name; |