From: Jens Axboe <axboe@fb.com>
Date: Mon, 5 Jan 2015 15:47:01 +0000 (-0700)
Subject: client: fix potential buffer overrun in server name copy
X-Git-Tag: fio-2.2.5~25
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=e8b606174f00ebf19cc34f7ccfd59dd6c3e44050;p=fio.git

client: fix potential buffer overrun in server name copy

Not an issue right now since pdu.server is larger than the buffer,
but that could change at some point. Better be safe.

Signed-off-by: Jens Axboe <axboe@fb.com>
---

diff --git a/client.c b/client.c
index 3cb7c1c5..74c9c76b 100644
--- a/client.c
+++ b/client.c
@@ -380,6 +380,7 @@ static const char *server_name(struct fio_client *client, char *buf,
 static void probe_client(struct fio_client *client)
 {
 	struct cmd_client_probe_pdu pdu;
+	const char *sname;
 	uint64_t tag;
 	char buf[64];
 
@@ -391,7 +392,9 @@ static void probe_client(struct fio_client *client)
 	pdu.flags = 0;
 #endif
 
-	strcpy((char *) pdu.server, server_name(client, buf, sizeof(buf)));
+	sname = server_name(client, buf, sizeof(buf));
+	memset(pdu.server, 0, sizeof(pdu.server));
+	strncpy((char *) pdu.server, sname, sizeof(pdu.server) - 1);
 
 	fio_net_send_cmd(client->fd, FIO_NET_CMD_PROBE, &pdu, sizeof(pdu), &tag, &client->cmd_list);
 }