From c4a91b6afae12b09d72a6da25e7033e2680a600a Mon Sep 17 00:00:00 2001 From: Daniel Wagner Date: Fri, 27 Jan 2023 10:28:49 +0100 Subject: [PATCH] fabrics: Avoid buffer overrun in strchomp strchomp() has an off-by-one error and starts stripping spaces at the byte AFTER the end of the buffer. Signed-off-by: Daniel Wagner --- src/nvme/fabrics.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c index 0e8e9dc1..7134dbae 100644 --- a/src/nvme/fabrics.c +++ b/src/nvme/fabrics.c @@ -47,13 +47,19 @@ const char *nvmf_dev = "/dev/nvme-fabrics"; /** * strchomp() - Strip trailing white space - * @s: String to strip - * @l: Maximum length of string + * @str: String to strip + * @max: Maximum length of string */ -static void strchomp(char *s, int l) +static void strchomp(char *str, int max) { - while (l && (s[l] == '\0' || s[l] == ' ')) - s[l--] = '\0'; + int i; + + for (i = max - 1; i >= 0; i--) { + if (str[i] != '\0' && str[i] != ' ') + return; + else + str[i] = '\0'; + } } const char *arg_str(const char * const *strings, -- 2.50.1