mtd-utils: Fix potentially unterminated strings

This commit fixes some uses of strncpy that could leave the destination
buffer unterminated.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

diff --git a/lib/libubi.c b/lib/libubi.c
index afe364870adb1b5e1f6e3b5cfc3df861e334fd64..baaca2f3f940d8ce7f115e2347941cc67e6f61fe 100644 (file)
--- a/lib/libubi.c
+++ b/lib/libubi.c
@@ -1008,7 +1008,8 @@ int ubi_mkvol(libubi_t desc, const char *node, struct ubi_mkvol_request *req)
        if (n > UBI_MAX_VOLUME_NAME)
                return -1;
 
-       strncpy(r.name, req->name, UBI_MAX_VOLUME_NAME + 1);
+       strncpy(r.name, req->name, UBI_MAX_VOLUME_NAME);
+       r.name[UBI_MAX_VOLUME_NAME] = '\0';
        r.name_len = n;
 
        fd = open(node, O_RDONLY);

diff --git a/misc-utils/mtdpart.c b/misc-utils/mtdpart.c
index e480e1bfce0ccd59d2a74ea636f3ce44a79f0866..ba35d87f0d985e9d069b5dcf400e1ce931a47798 100644 (file)
--- a/misc-utils/mtdpart.c
+++ b/misc-utils/mtdpart.c
@@ -174,7 +174,9 @@ int main(int argc, char * const argv[])
                case COMMAND_ADD:
                        part.start = start_addr;
                        part.length = length;
-                       strncpy(part.devname, part_name, sizeof(part.devname));
+                       strncpy(part.devname, part_name,
+                               sizeof(part.devname) - 1);
+                       part.devname[sizeof(part.devname) - 1] = '\0';
                        arg.op = BLKPG_ADD_PARTITION;
                        break;
                case COMMAND_DEL:

diff --git a/tests/checkfs/checkfs.c b/tests/checkfs/checkfs.c
index 3e34cc49bf7e32f3f6b54576cb7c5e8cf31a4f2d..203ad5c3300a35e87aed3881418602f55b934767 100644 (file)
--- a/tests/checkfs/checkfs.c
+++ b/tests/checkfs/checkfs.c
@@ -512,7 +512,8 @@ static void processCmdLine(int argc, char **argv)
     {
         if(strcmp(argv[cnt], CMDLINE_PORT) == 0)
         {
-            strncpy(SerialDevice, argv[++cnt], sizeof(SerialDevice));
+            strncpy(SerialDevice, argv[++cnt], sizeof(SerialDevice) - 1);
+           SerialDevice[sizeof(SerialDevice) - 1] = '\0';
             continue;
         }else
             if(strcmp(argv[cnt], CMDLINE_MAXFILEBYTES) == 0)

diff --git a/tests/jittertest/JitterTest.c b/tests/jittertest/JitterTest.c
index 797035b1ab628f4359a6796fa0fc1aa4c58ee8e9..2bee0b0662f6742675ffc6712edc3fa57843602e 100644 (file)
--- a/tests/jittertest/JitterTest.c
+++ b/tests/jittertest/JitterTest.c
@@ -859,7 +859,8 @@ void HandleCmdLineArgs(
              /* Set the file to log console log on. */
              ++argNum;
 
-             strncpy(LogFile, argv[argNum], sizeof(LogFile));
+             strncpy(LogFile, argv[argNum], sizeof(LogFile) - 1);
+             LogFile[sizeof(LogFile) - 1] = '\0';
             }
 
             else if ((strcmp(argv[argNum],"--grab_kprofile") ==