From 676cea155a80b3a3e7b3d2fda1fce8a41d79e2b8 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Wed, 16 Sep 2009 17:42:15 +0200
Subject: [PATCH 1/1] scsi_id: prevent buffer overflow in check_fill_0x83_prespc3()
see https://bugzilla.redhat.com/show_bug.cgi?id=516920
---
 extras/scsi_id/scsi_serial.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/extras/scsi_id/scsi_serial.c b/extras/scsi_id/scsi_serial.c
index 92359122d..ab0ffd62a 100644
--- a/extras/scsi_id/scsi_serial.c
+++ b/extras/scsi_id/scsi_serial.c
@@ -578,11 +578,12 @@ static int check_fill_0x83_prespc3(struct udev *udev,
 /* serial has been memset to zero before */
 j = strlen(serial); /* j = 1; */
- for (i = 0; i < page_83[3]; ++i) {
+ for (i = 0; (i < page_83[3]) && (j < max_len-3); ++i) {
 serial[j++] = hex_str[(page_83[4+i] & 0xf0) >> 4];
 serial[j++] = hex_str[ page_83[4+i] & 0x0f];
 }
- strcpy(serial_short, serial);
+ serial[max_len-1] = 0;
+ strncpy(serial_short, serial, max_len-1);
 return 0;
 }
--
2.30.2
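Review bot: The new loop bound `(j < max_len-3)` stops the copy when the device-reported identifier does not fit, but the function still falls through to `return 0`, so a truncated serial is reported as a valid one; two devices whose page 0x83 data share the same leading bytes would then yield the same ID. Consider detecting the cut-off right after the loop, e.g. `if (i < page_83[3]) return 1; /* identifier truncated */`, using whatever failure value the callers expect, since the callers and the start of the function body are outside the hunk. Separately, `strncpy(serial_short, serial, max_len-1)` always writes `max_len-1` bytes and leaves `serial_short` terminated only because `serial` was zeroed beforehand, so it depends on `serial_short` being at least that large and on the memset the existing comment mentions. Neither is visible here, so a one-line comment stating both assumptions next to the `strncpy` would help the next reader.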