From dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50 Mon Sep 17 00:00:00 2001
From: Kinga Tanska <kinga.tanska@intel.com>
Date: Thu, 11 May 2023 04:55:12 +0200
Subject: Fix unsafe string functions

Add string length limitations where necessary to
avoid buffer overflows.

Signed-off-by: Kinga Tanska <kinga.tanska@intel.com>
Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
---
 mdopen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'mdopen.c')

diff --git a/mdopen.c b/mdopen.c
index d3022a54..3daa71f9 100644
--- a/mdopen.c
+++ b/mdopen.c
@@ -193,14 +193,14 @@ int create_mddev(char *dev, char *name, int autof, int trustworthy,
 
 	if (dev) {
 		if (strncmp(dev, DEV_MD_DIR, DEV_MD_DIR_LEN) == 0) {
-			strcpy(cname, dev + DEV_MD_DIR_LEN);
+			snprintf(cname, MD_NAME_MAX, "%s", dev + DEV_MD_DIR_LEN);
 		} else if (strncmp(dev, "/dev/", 5) == 0) {
 			char *e = dev + strlen(dev);
 			while (e > dev && isdigit(e[-1]))
 				e--;
 			if (e[0])
 				num = strtoul(e, NULL, 10);
-			strcpy(cname, dev+5);
+			snprintf(cname, MD_NAME_MAX, "%s", dev + 5);
 			cname[e-(dev+5)] = 0;
 			/* name *must* be mdXX or md_dXX in this context */
 			if (num < 0 ||
-- 
cgit v1.2.3