From cf16a350552ed853d7228f5ebfa3353a7e0538c9 Mon Sep 17 00:00:00 2001 From: Nigel Croxon Date: Wed, 25 Aug 2021 11:30:14 -0400 Subject: [PATCH] Fix buffer size warning for strcpy To meet requirements of Common Criteria certification vulnerability assessment. Static code analysis has been run and found the following error: buffer_size_warning: Calling "strncpy" with a maximum size argument of 16 bytes on destination array "ve->name" of size 16 bytes might leave the destination string unterminated. https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html The change is to make the destination size to fit the allocated size. V5: Simplify the the strnlen call. V4: Code cleanup of the interim "if" statement. V3: Doc change only: The code change from filling ve->name with spaces to filling it with null-terminated is to comform to the SNIA - Common RAID Disk Data Format Specification. The format for VD_Name (ve->name) specifies the field to be either ASCII or UNICODE. Bit 2 of the VD_Type field MUST be used to determine the Unicode or ASCII format of this field. If this field is not used, all bytes MUST be set to zero. V2: Change from zero-terminated to zero-padded on memset and change from using strncpy to memcpy, feedback from Neil Brown. Tested-by: Mariusz Tkaczyk Signed-off-by: Nigel Croxon Signed-off-by: Jes Sorensen --- super-ddf.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/super-ddf.c b/super-ddf.c index afbe3b7..d334a79 100644 --- a/super-ddf.c +++ b/super-ddf.c @@ -2637,9 +2637,11 @@ static int init_super_ddf_bvd(struct supertype *st, ve->init_state = DDF_init_not; memset(ve->pad1, 0xff, 14); - memset(ve->name, ' ', 16); - if (name) - strncpy(ve->name, name, 16); + memset(ve->name, '\0', sizeof(ve->name)); + if (name) { + int l = strnlen(name, sizeof(ve->name)); + memcpy(ve->name, name, l); + } ddf->virt->populated_vdes = cpu_to_be16(be16_to_cpu(ddf->virt->populated_vdes)+1);