Add fix-strncat branch which corrects a buffer overrun.

2009-03-12 15:20:26 -07:00 · 2009-03-12 15:20:26 -07:00 · f1f9c50dd9
parent d164b20935
commit f1f9c50dd9
3 changed files with 10 additions and 1 deletions
--- a/.topdeps
+++ b/.topdeps
@ -0,0 +1 @@
 master
--- a/.topmsg
+++ b/.topmsg
@ -0,0 +1,8 @@
 From: Brian Behlendorf <behlendorf1@llnl.gov>
 Subject: [PATCH] fix strncat
 This look like a typo.  The intention was to use strlcat() however
 strncat() was used instead accidentally this may lead to a buffer
 overflow.  This was caught by gcc -D_FORTIFY_SOURCE=2.
 Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
--- a/lib/libzfs/libzfs_sendrecv.c
+++ b/lib/libzfs/libzfs_sendrecv.c
@ -1642,7 +1642,7 @@ zfs_receive_one(libzfs_handle_t *hdl, int infd, const char *tosnap,
 	 * Determine name of destination snapshot, store in zc_value.
 	 */
 	(void) strcpy(zc.zc_value, tosnap);
-	(void) strncat(zc.zc_value, drrb->drr_toname+choplen,
+	(void) strlcat(zc.zc_value, drrb->drr_toname+choplen,
 	    sizeof (zc.zc_value));
 	if (!zfs_name_valid(zc.zc_value, ZFS_TYPE_SNAPSHOT)) {
 		zcmd_free_nvlists(&zc);