[CRIU] [PATCH] lib: don't copy more than the buffer size

Andrey Vagin avagin at openvz.org
Fri Dec 20 13:20:48 PST 2013


CID 1141012 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
2. fixed_size_dest: You might overrun the 108 byte fixed-size string
"addr.sun_path" by copying "service_address" without checking the
length.

Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 lib/criu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/criu.c b/lib/criu.c
index d3ab3ee..f0feba3 100644
--- a/lib/criu.c
+++ b/lib/criu.c
@@ -161,7 +161,7 @@ static int criu_connect(void)
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_LOCAL;
 
-	strcpy(addr.sun_path, service_address);
+	strncpy(addr.sun_path, service_address, sizeof(addr.sun_path));
 
 	addr_len = strlen(addr.sun_path) + sizeof(addr.sun_family);
 
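Review bot: strncpy() bounded by sizeof(addr.sun_path) leaves sun_path without a terminating NUL when service_address is 108 bytes or longer, so the strlen(addr.sun_path) on the next line can read past the end of the array. Since addr was just zeroed by memset(), bounding the copy to sizeof(addr.sun_path) - 1 keeps the final byte as the terminator. An over-long service_address would also be silently truncated into a different socket path; checking strlen(service_address) against sizeof(addr.sun_path) up front and returning an error would make that failure explicit.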
-- 
1.8.3.1


