[sgpio] Use strncpy instead of strcpy (coverity)

jsynacek jsynacek at fedoraproject.org
Fri Nov 30 13:41:16 UTC 2012 

commit 28d1f2579f3325b3772ec3c950af46d83378eda2
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Fri Nov 30 14:38:34 2012 +0100

    Use strncpy instead of strcpy (coverity)

 sgpio-1.2-coverity.patch |   16 ++++++++++++++++
 sgpio.spec               |    7 ++++++-
 2 files changed, 22 insertions(+), 1 deletions(-)
---
diff --git a/sgpio-1.2-coverity.patch b/sgpio-1.2-coverity.patch
new file mode 100644
index 0000000..6a25425
--- /dev/null
+++ b/sgpio-1.2-coverity.patch
@@ -0,0 +1,16 @@
+Assume buffer overflow even if it's not possible.
+Found by coverity.
+
+Author: Jan Synacek <jsynacek at redhat.com>
+
+--- sgpio/sgpio.c.orig	2012-11-30 14:14:09.000000000 +0100
++++ sgpio/sgpio.c	2012-11-30 14:14:17.437228466 +0100
+@@ -629,7 +629,7 @@
+ 		return -1;
+ 	}
+ 
+-	strcpy(location, sys_scsi_path);
++	strncpy(location, sys_scsi_path, FS_PATH_LEN);
+ 	len = strlen(location);
+ 
+ 	for(i=0;i<dir_qan;i++){
diff --git a/sgpio.spec b/sgpio.spec
index 38d62d6..00eeb41 100644
--- a/sgpio.spec
+++ b/sgpio.spec
@@ -1,7 +1,7 @@
 Summary: SGPIO captive backplane tool
 Name: sgpio
 Version: 1.2.0.10
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 URL: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing
@@ -9,6 +9,7 @@ Source: sgpio-1.2-0.10-src.tar.gz
 # there is no official download link for the latest package
 #Source: http://sources.redhat.com/lvm2/wiki/DMRAID_Eventing?action=AttachFile&do=get&target=sgpio-1.2.tgz
 Patch0: sgpio-1.2-makefile.patch
+Patch1: sgpio-1.2-coverity.patch
 BuildRequires: dos2unix
 
 %description
@@ -18,6 +19,7 @@ Intel SGPIO enclosure management utility
 %setup -q -n sgpio
 dos2unix --keepdate Makefile README
 %patch0 -p1 -b .makefile
+%patch1 -p1 -b .coverity
 chmod a-x *
 
 %build
@@ -34,6 +36,9 @@ make install INSTALL="%{__install} -p" DESTDIR=$RPM_BUILD_ROOT SBIN_DIR=$RPM_BUI
 %{_mandir}/man1/sgpio.*
 
 %changelog
+* Fri Nov 30 2012 Jan Synáček <jsynacek at redhat.com> - 1.2.0.10-10
+- Use strncpy instead of strcpy (coverity)
+
 * Mon Nov 19 2012 Jan Synáček <jsynacek at redhat.com> - 1.2.0.10-9
 - dos2unix'ed the patch
 - Call dos2unix before patching and dos2unix Makefile as well

More information about the scm-commits mailing list