While string are hardcoded and it's impossible to overflow it, make the
string handling more secure to mute Coverity Scan report by using
strncpy and adding a define for the max size of the DEVPATHSTR.
Fix Coverity Scan CID
1586643: Security best practices violations
(STRING_OVERFLOW).
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
#include "common.h"
#define BUFLEN 64
+#define DEVPATHSTR_SIZE 15
static const char *const fit0 = "/dev/fit0";
static const char *const fitrw = "/dev/fitrw";
struct fit_volume {
struct volume v;
union {
- char devpathstr[16];
+ char devpathstr[DEVPATHSTR_SIZE+1];
struct devpath devpath;
} dev;
};
if (!p)
return NULL;
- strcpy(p->dev.devpathstr, fname);
+ strncpy(p->dev.devpathstr, fname, DEVPATHSTR_SIZE);
p->v.drv = &fit_driver;
p->v.blk = p->dev.devpathstr;
p->v.name = name;