From: Harald Hoyer
Date: Wed, 16 Sep 2009 15:42:15 +0000 (+0200)
Subject: scsi_id: prevent buffer overflow in check_fill_0x83_prespc3()
X-Git-Tag: 174~765
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=676cea155a80b3a3e7b3d2fda1fce8a41d79e2b8

scsi_id: prevent buffer overflow in check_fill_0x83_prespc3()

see https://bugzilla.redhat.com/show_bug.cgi?id=516920
---
diff --git a/extras/scsi_id/scsi_serial.c b/extras/scsi_id/scsi_serial.c
index 92359122d..ab0ffd62a 100644
--- a/extras/scsi_id/scsi_serial.c
+++ b/extras/scsi_id/scsi_serial.c
@@ -578,11 +578,12 @@ static int check_fill_0x83_prespc3(struct udev *udev,
 /* serial has been memset to zero before */
 j = strlen(serial); /* j = 1; */
- for (i = 0; i < page_83[3]; ++i) {
+ for (i = 0; (i < page_83[3]) && (j < max_len-3); ++i) {
 serial[j++] = hex_str[(page_83[4+i] & 0xf0) >> 4];
 serial[j++] = hex_str[ page_83[4+i] & 0x0f];
 }
- strcpy(serial_short, serial);
+ serial[max_len-1] = 0;
+ strncpy(serial_short, serial, max_len-1);
 return 0;
 }
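Review bot: The `strncpy(serial_short, serial, max_len-1)` at the end of the hunk does not itself terminate `serial_short`; termination relies on `serial` having been zero-filled beforehand (as the comment above the loop states), so that a NUL falls inside the first `max_len-1` bytes. Adding `serial_short[max_len-1] = 0;` right after the copy would make that explicit, assuming `serial_short` is at least `max_len` bytes, which cannot be confirmed here because the function's signature and its callers lie outside the hunk. Separately, when the loop stops on `j < max_len-3` the identifier is truncated yet the function still returns 0, so two devices whose page 0x83 data differ only past the cut would be given the same serial. A log message or a non-zero return on truncation is worth considering.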