scsi_id: prevent buffer overflow in check_fill_0x83_prespc3()

[elogind.git] / extras / scsi_id / scsi_serial.c

diff --git a/extras/scsi_id/scsi_serial.c b/extras/scsi_id/scsi_serial.c
index 7b308a935c44e07b97fb4b38bdcfedcb6027e543..ab0ffd62aaa963c28dd542a3ee0e3b81d22f4f51 100644 (file)
--- a/extras/scsi_id/scsi_serial.c
+++ b/extras/scsi_id/scsi_serial.c
@@ -28,8 +28,7 @@
 #include <scsi/scsi.h>
 #include <scsi/sg.h>
 #include <linux/types.h>
-/* #include <linux/bsg.h> */
-#include "bsg.h"
+#include <linux/bsg.h>
 
 #include "libudev.h"
 #include "libudev-private.h"
@@ -579,11 +578,12 @@ static int check_fill_0x83_prespc3(struct udev *udev,
        /* serial has been memset to zero before */
        j = strlen(serial);     /* j = 1; */
 
-       for (i = 0; i < page_83[3]; ++i) {
+       for (i = 0; (i < page_83[3]) && (j < max_len-3); ++i) {
                serial[j++] = hex_str[(page_83[4+i] & 0xf0) >> 4];
                serial[j++] = hex_str[ page_83[4+i] & 0x0f];
        }
-       strcpy(serial_short, serial);
+       serial[max_len-1] = 0;
+       strncpy(serial_short, serial, max_len-1);
        return 0;
 }