aacraid(4): Fix some mostly trivial buffer overruns

strcpy(3) emits a trailing nul byte, trampling fields after the intended destination. Instead, use strncpy(3), intentionally leaving these fields not nul-terminated. Reported by: Coverity CIDs: 1031024, 1305463, 1305494, 1305545 Sponsored by: EMC / Isilon Storage Division
author: cem <cem@FreeBSD.org> 2016-04-26 20:59:21 +0000
committer: cem <cem@FreeBSD.org> 2016-04-26 20:59:21 +0000
commit: eef3bca304a459dc1be56ef13cdbe60e896d3935 (patch)
tree: 23e8f40580fbb8d033faa50f024f54cc47eac966 /sys/dev
parent: b91af2a23dcf0bf7ce2d13ab11bd3c5256d02745 (diff)
download: FreeBSD-src-eef3bca304a459dc1be56ef13cdbe60e896d3935.zip
FreeBSD-src-eef3bca304a459dc1be56ef13cdbe60e896d3935.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/dev/aacraid/aacraid_cam.c b/sys/dev/aacraid/aacraid_cam.c
index 922673f..394b67d 100644
--- a/sys/dev/aacraid/aacraid_cam.c
+++ b/sys/dev/aacraid/aacraid_cam.c
@@ -568,9 +568,11 @@ aac_container_special_command(struct cam_sim *sim, union ccb *ccb,
 				p->additional_length = 31;
 				p->flags = SID_WBus16|SID_Sync|SID_CmdQue;
 				/* OEM Vendor defines */
-				strcpy(p->vendor,"Adaptec ");
-				strcpy(p->product,"Array           ");
-				strcpy(p->revision,"V1.0");
+				strncpy(p->vendor, "Adaptec ", sizeof(p->vendor));
+				strncpy(p->product, "Array           ",
+				    sizeof(p->product));
+				strncpy(p->revision, "V1.0",
+				    sizeof(p->revision));
 			}	
 		} else {
 			if (inq->page_code == SVPD_SUPPORTED_PAGE_LIST) {
author	cem <cem@FreeBSD.org>	2016-04-26 20:59:21 +0000
committer	cem <cem@FreeBSD.org>	2016-04-26 20:59:21 +0000
commit	eef3bca304a459dc1be56ef13cdbe60e896d3935 (patch)
tree	23e8f40580fbb8d033faa50f024f54cc47eac966 /sys/dev
parent	b91af2a23dcf0bf7ce2d13ab11bd3c5256d02745 (diff)
download	FreeBSD-src-eef3bca304a459dc1be56ef13cdbe60e896d3935.zip FreeBSD-src-eef3bca304a459dc1be56ef13cdbe60e896d3935.tar.gz