diff options
author | cem <cem@FreeBSD.org> | 2016-04-26 20:59:21 +0000 |
---|---|---|
committer | cem <cem@FreeBSD.org> | 2016-04-26 20:59:21 +0000 |
commit | eef3bca304a459dc1be56ef13cdbe60e896d3935 (patch) | |
tree | 23e8f40580fbb8d033faa50f024f54cc47eac966 /sys/dev | |
parent | b91af2a23dcf0bf7ce2d13ab11bd3c5256d02745 (diff) | |
download | FreeBSD-src-eef3bca304a459dc1be56ef13cdbe60e896d3935.zip FreeBSD-src-eef3bca304a459dc1be56ef13cdbe60e896d3935.tar.gz |
aacraid(4): Fix some mostly trivial buffer overruns
strcpy(3) emits a trailing nul byte, trampling fields after the intended
destination. Instead, use strncpy(3), intentionally leaving these fields
not nul-terminated.
Reported by: Coverity
CIDs: 1031024, 1305463, 1305494, 1305545
Sponsored by: EMC / Isilon Storage Division
Diffstat (limited to 'sys/dev')
-rw-r--r-- | sys/dev/aacraid/aacraid_cam.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/dev/aacraid/aacraid_cam.c b/sys/dev/aacraid/aacraid_cam.c index 922673f..394b67d 100644 --- a/sys/dev/aacraid/aacraid_cam.c +++ b/sys/dev/aacraid/aacraid_cam.c @@ -568,9 +568,11 @@ aac_container_special_command(struct cam_sim *sim, union ccb *ccb, p->additional_length = 31; p->flags = SID_WBus16|SID_Sync|SID_CmdQue; /* OEM Vendor defines */ - strcpy(p->vendor,"Adaptec "); - strcpy(p->product,"Array "); - strcpy(p->revision,"V1.0"); + strncpy(p->vendor, "Adaptec ", sizeof(p->vendor)); + strncpy(p->product, "Array ", + sizeof(p->product)); + strncpy(p->revision, "V1.0", + sizeof(p->revision)); } } else { if (inq->page_code == SVPD_SUPPORTED_PAGE_LIST) { |