scsi_id: prevent buffer overflow in check_fill_0x83_prespc3()

author Harald Hoyer <harald@redhat.com>

Wed, 16 Sep 2009 15:42:15 +0000 (17:42 +0200)

committer Kay Sievers <kay.sievers@vrfy.org>

Wed, 16 Sep 2009 22:06:03 +0000 (00:06 +0200)
author Harald Hoyer <harald@redhat.com>
Wed, 16 Sep 2009 15:42:15 +0000 (17:42 +0200)
committer Kay Sievers <kay.sievers@vrfy.org>
Wed, 16 Sep 2009 22:06:03 +0000 (00:06 +0200)
diff --git a/extras/scsi_id/scsi_serial.c b/extras/scsi_id/scsi_serial.c

index 92359122d838413992490cf2abc1f9a796c3e43b..ab0ffd62aaa963c28dd542a3ee0e3b81d22f4f51 100644 (file)
--- a/extras/scsi_id/scsi_serial.c
+++ b/extras/scsi_id/scsi_serial.c
@@ -578,11 +578,12 @@ static int check_fill_0x83_prespc3(struct udev *udev,
         /* serial has been memset to zero before */
         j = strlen(serial);     /* j = 1; */
  
-       for (i = 0; i < page_83[3]; ++i) {
+       for (i = 0; (i < page_83[3]) && (j < max_len-3); ++i) {
                 serial[j++] = hex_str[(page_83[4+i] & 0xf0) >> 4];
                 serial[j++] = hex_str[ page_83[4+i] & 0x0f];
         }
-       strcpy(serial_short, serial);
+       serial[max_len-1] = 0;
+       strncpy(serial_short, serial, max_len-1);
         return 0;
  }
author	Harald Hoyer <harald@redhat.com>
	Wed, 16 Sep 2009 15:42:15 +0000 (17:42 +0200)
committer	Kay Sievers <kay.sievers@vrfy.org>
	Wed, 16 Sep 2009 22:06:03 +0000 (00:06 +0200)