From 08cd7083cac4bddf88459efa0881ee52858e7d0a Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Mon, 22 Jan 2024 01:41:24 +0100 Subject: [PATCH] libfstools: fit: improve fit_volume_find string handling While string are hardcoded and it's impossible to overflow it, make the string handling more secure to mute Coverity Scan report by using strncpy and adding a define for the max size of the DEVPATHSTR. Fix Coverity Scan CID 1586643: Security best practices violations (STRING_OVERFLOW). Signed-off-by: Christian Marangi --- libfstools/fit.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libfstools/fit.c b/libfstools/fit.c index b0da854..a8f0c66 100644 --- a/libfstools/fit.c +++ b/libfstools/fit.c @@ -3,6 +3,7 @@ #include "common.h" #define BUFLEN 64 +#define DEVPATHSTR_SIZE 15 static const char *const fit0 = "/dev/fit0"; static const char *const fitrw = "/dev/fitrw"; @@ -15,7 +16,7 @@ struct devpath { struct fit_volume { struct volume v; union { - char devpathstr[16]; + char devpathstr[DEVPATHSTR_SIZE+1]; struct devpath devpath; } dev; }; @@ -79,7 +80,7 @@ static struct volume *fit_volume_find(char *name) if (!p) return NULL; - strcpy(p->dev.devpathstr, fname); + strncpy(p->dev.devpathstr, fname, DEVPATHSTR_SIZE); p->v.drv = &fit_driver; p->v.blk = p->dev.devpathstr; p->v.name = name; -- 2.30.2