Btrfs-progs use safe string manipulation functions

Signed-off-by: Eduardo Silva <eduardo.silva@oracle.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>

diff --git a/btrfs_cmds.c b/btrfs_cmds.c
index 8031c58..fffb423 100644 (file)
--- a/btrfs_cmds.c
+++ b/btrfs_cmds.c
@@ -375,7 +375,7 @@ int do_clone(int argc, char **argv)
        printf("Create a snapshot of '%s' in '%s/%s'\n",
               subvol, dstdir, newname);
        args.fd = fd;
-       strcpy(args.name, newname);
+       strncpy(args.name, newname, BTRFS_PATH_NAME_MAX);
        res = ioctl(fddst, BTRFS_IOC_SNAP_CREATE, &args);
 
        close(fd);
@@ -436,7 +436,7 @@ int do_delete_subvolume(int argc, char **argv)
        }
 
        printf("Delete subvolume '%s/%s'\n", dname, vname);
-       strcpy(args.name, vname);
+       strncpy(args.name, vname, BTRFS_PATH_NAME_MAX);
        res = ioctl(fd, BTRFS_IOC_SNAP_DESTROY, &args);
 
        close(fd);
@@ -490,7 +490,7 @@ int do_create_subvol(int argc, char **argv)
        }
 
        printf("Create subvolume '%s/%s'\n", dstdir, newname);
-       strcpy(args.name, newname);
+       strncpy(args.name, newname, BTRFS_PATH_NAME_MAX);
        res = ioctl(fddst, BTRFS_IOC_SUBVOL_CREATE, &args);
 
        close(fddst);
@@ -553,7 +553,7 @@ int do_scan(int argc, char **argv)
 
                printf("Scanning for Btrfs filesystems in '%s'\n", argv[i]);
 
-               strcpy(args.name, argv[i]);
+               strncpy(args.name, argv[i], BTRFS_PATH_NAME_MAX);
                /*
                 * FIXME: which are the error code returned by this ioctl ?
                 * it seems that is impossible to understand if there no is
@@ -593,7 +593,7 @@ int do_resize(int argc, char **argv)
        }
 
        printf("Resize '%s' of '%s'\n", path, amount);
-       strcpy(args.name, amount);
+       strncpy(args.name, amount, BTRFS_PATH_NAME_MAX);
        res = ioctl(fd, BTRFS_IOC_RESIZE, &args);
        close(fd);
        if( res < 0 ){
@@ -736,7 +736,7 @@ int do_add_volume(int nargs, char **args)
                }
                close(devfd);
 
-               strcpy(ioctl_args.name, args[i]);
+               strncpy(ioctl_args.name, args[i], BTRFS_PATH_NAME_MAX);
                res = ioctl(fdmnt, BTRFS_IOC_ADD_DEV, &ioctl_args);
                if(res<0){
                        fprintf(stderr, "ERROR: error adding the device '%s'\n", args[i]);
@@ -792,7 +792,7 @@ int do_remove_volume(int nargs, char **args)
                struct  btrfs_ioctl_vol_args arg;
                int     res;
 
-               strcpy(arg.name, args[i]);
+               strncpy(arg.name, args[i], BTRFS_PATH_NAME_MAX);
                res = ioctl(fdmnt, BTRFS_IOC_RM_DEV, &arg);
                if(res<0){
                        fprintf(stderr, "ERROR: error removing the device '%s'\n", args[i]);

diff --git a/btrfsctl.c b/btrfsctl.c
index 92bdf39..adfa519 100644 (file)
--- a/btrfsctl.c
+++ b/btrfsctl.c
@@ -237,7 +237,7 @@ int main(int ac, char **av)
         }
 
        if (name)
-               strcpy(args.name, name);
+                strncpy(args.name, name, BTRFS_PATH_NAME_MAX + 1);
        else
                args.name[0] = '\0';
 

diff --git a/convert.c b/convert.c
index d037c98..fbcf4a3 100644 (file)
--- a/convert.c
+++ b/convert.c
@@ -857,7 +857,7 @@ static int copy_single_xattr(struct btrfs_trans_handle *trans,
                data = databuf;
                datalen = bufsize;
        }
-       strcpy(namebuf, xattr_prefix_table[name_index]);
+       strncpy(namebuf, xattr_prefix_table[name_index], XATTR_NAME_MAX);
        strncat(namebuf, EXT2_EXT_ATTR_NAME(entry), entry->e_name_len);
        if (name_len + datalen > BTRFS_LEAF_DATA_SIZE(root) -
            sizeof(struct btrfs_item) - sizeof(struct btrfs_dir_item)) {

diff --git a/utils.c b/utils.c
index fd894f3..96ef94d 100644 (file)
--- a/utils.c
+++ b/utils.c
@@ -108,7 +108,7 @@ int make_btrfs(int fd, const char *device, const char *label,
        btrfs_set_super_csum_type(&super, BTRFS_CSUM_TYPE_CRC32);
        btrfs_set_super_chunk_root_generation(&super, 1);
        if (label)
-               strcpy(super.label, label);
+               strncpy(super.label, label, BTRFS_LABEL_SIZE - 1);
 
        buf = malloc(sizeof(*buf) + max(sectorsize, leafsize));
 
@@ -828,7 +828,7 @@ void btrfs_register_one_device(char *fname)
                        "skipping device registration\n");
                return;
        }
-       strcpy(args.name, fname);
+       strncpy(args.name, fname, BTRFS_PATH_NAME_MAX);
        ret = ioctl(fd, BTRFS_IOC_SCAN_DEV, &args);
        close(fd);
 }
@@ -971,6 +971,7 @@ static char *size_strs[] = { "", "KB", "MB", "GB", "TB",
 char *pretty_sizes(u64 size)
 {
        int num_divs = 0;
+        int pretty_len = 16;
        u64 last_size = size;
        u64 fract_size = size;
        float fraction;
@@ -988,8 +989,8 @@ char *pretty_sizes(u64 size)
                return NULL;
 
        fraction = (float)fract_size / 1024;
-       pretty = malloc(16);
-       sprintf(pretty, "%.2f%s", fraction, size_strs[num_divs-1]);
+       pretty = malloc(pretty_len);
+       snprintf(pretty, pretty_len, "%.2f%s", fraction, size_strs[num_divs-1]);
        return pretty;
 }