- release 6 (by relup.sh)

[packages/parted.git] / 0066-mac-copy-partition-type-and-name-correctly.patch

From 783e08a4e5f6769f7ebd2f3e43ca4ccfab003e8b Mon Sep 17 00:00:00 2001
From: Sergei Antonov <saproj@gmail.com>
Date: Fri, 3 Jul 2015 00:21:23 +0200
Subject: [PATCH 66/75] mac: copy partition type and name correctly

Use strncpy() instead of strcpy() to copy partition name and type.
This prevents possible buffer overflow, because the source string
occupies up to 33 bytes with a terminating null.

Static analysis tools complain about the code as it is now:
  Function: _generate_raw_part
  Destination buffer too small
  string_overflow: You might overrun the 32 byte destination string
  part_map_entry->type by writing 33 bytes from mac_part_data->system_name
  (Destination buffer too small, line 933)

Cc: Sabas Rosales, Blanca E <blanca.e.sabas.rosales@intel.com>
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Signed-off-by: Brian C. Lane <bcl@brianlane.com>
(cherry picked from commit 282e25e0384e8d1275ccacf904fdaf65f1d4a8af)
---
 libparted/labels/mac.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libparted/labels/mac.c b/libparted/labels/mac.c
index 1034418..d8da941 100644
--- a/libparted/labels/mac.c
+++ b/libparted/labels/mac.c
@@ -930,8 +930,8 @@ _generate_raw_part (PedDisk* disk, PedPartition* part,
 		= PED_CPU_TO_BE32 (mac_disk_data->last_part_entry_num);
 	part_map_entry->start_block = PED_CPU_TO_BE32 (part->geom.start);
 	part_map_entry->block_count = PED_CPU_TO_BE32 (part->geom.length);
-	strcpy (part_map_entry->name, mac_part_data->volume_name);
-	strcpy (part_map_entry->type, mac_part_data->system_name);
+	strncpy (part_map_entry->name, mac_part_data->volume_name, 32);
+	strncpy (part_map_entry->type, mac_part_data->system_name, 32);
 
 	if (mac_part_data->is_driver) {
 		mac_part_data->boot_region_length = part->geom.length;
-- 
2.9.3