client: fix potential buffer overrun in server name copy
authorJens Axboe <axboe@fb.com>
Mon, 5 Jan 2015 15:47:01 +0000 (08:47 -0700)
committerJens Axboe <axboe@fb.com>
Mon, 5 Jan 2015 15:47:01 +0000 (08:47 -0700)
Not an issue right now since pdu.server is larger than the buffer,
but that could change at some point. Better be safe.

Signed-off-by: Jens Axboe <axboe@fb.com>
client.c

index 3cb7c1c50a92f27706da48f5d4ce64ccb7ca6b59..74c9c76ba10c380cdbf1aa629d0298ea04c8e2b6 100644 (file)
--- a/client.c
+++ b/client.c
@@ -380,6 +380,7 @@ static const char *server_name(struct fio_client *client, char *buf,
 static void probe_client(struct fio_client *client)
 {
        struct cmd_client_probe_pdu pdu;
+       const char *sname;
        uint64_t tag;
        char buf[64];
 
@@ -391,7 +392,9 @@ static void probe_client(struct fio_client *client)
        pdu.flags = 0;
 #endif
 
-       strcpy((char *) pdu.server, server_name(client, buf, sizeof(buf)));
+       sname = server_name(client, buf, sizeof(buf));
+       memset(pdu.server, 0, sizeof(pdu.server));
+       strncpy((char *) pdu.server, sname, sizeof(pdu.server) - 1);
 
        fio_net_send_cmd(client->fd, FIO_NET_CMD_PROBE, &pdu, sizeof(pdu), &tag, &client->cmd_list);
 }
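Review bot: A name longer than `sizeof(pdu.server) - 1` is now cut short without any indication at the `strncpy()` line, so the probe would go out carrying a truncated server name. Consider checking first, e.g. `if (strlen(sname) >= sizeof(pdu.server))`, and reporting it before the copy. The termination guarantee comes from the `memset()` plus the `- 1` bound rather than from `strncpy()` itself, which is worth a comment such as `/* zero-fill first: strncpy() does not NUL-terminate when it truncates */`. The lines of probe_client between the two hunks are not shown, so whether the rest of `pdu` is fully initialised before it is sent with `sizeof(pdu)` should be confirmed there.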