From 2f73b1f7a4057438db8fa38c44e0261ba9dc0d4a Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim <sw0312.kim@samsung.com>
Date: Thu, 27 Jul 2017 12:13:22 +0900
Subject: [PATCH] cmd: usbdown: remove overflow possiblity on
 fill_entity_usbdown()

The file name parsed from dfu_alo_info can be longer than NAME_SIZE,
so strcpy function has possiblity of overflow.
Remove the possible overflow using strncpy with less length than
NAME_SIZE.

Change-Id: Ib70f539a810e553136421c7faa576144811c3112
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
 cmd/usbdown.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/usbdown.c b/cmd/usbdown.c
index 27e6a6b9bc..840c6bb86c 100644
--- a/cmd/usbdown.c
+++ b/cmd/usbdown.c
@@ -261,7 +261,7 @@ static void fill_entity_usbdown(char *interface, char *devstr)
 		/* Parsing file name */
 		s = strsep(&setting, ";");
 		st = strsep(&s, " ");
-		strcpy(usbdown[i].name, st);
+		strncpy(usbdown[i].name, st, NAME_SIZE - 1);
 
 		ret = usb_fill_entity(&usbdown[i], s, alt_num_count,
 				interface, devstr);
-- 
2.34.1