libc/sys-minix/mount.c: fix overflow

author Lionel Sambuc <lionel@minix3.org>

Tue, 19 Nov 2013 14:26:47 +0000 (15:26 +0100)

committer Lionel Sambuc <lionel@minix3.org>

Sun, 2 Mar 2014 11:28:32 +0000 (12:28 +0100)
author Lionel Sambuc <lionel@minix3.org>
Tue, 19 Nov 2013 14:26:47 +0000 (15:26 +0100)
committer Lionel Sambuc <lionel@minix3.org>
Sun, 2 Mar 2014 11:28:32 +0000 (12:28 +0100)
diff --git a/include/minix/mount.h b/include/minix/mount.h

index 3188694ee5504faa55f4d2f3677f6ca537009cf7..bd9dc8c090878578cec041c59315350d5a6f295f 100644 (file)
--- a/include/minix/mount.h
+++ b/include/minix/mount.h
@@ -9,6 +9,8 @@
  #define MS_REUSE       0x001   /* Tell RS to try reusing binary from memory */
  #define MS_EXISTING    0x002   /* Tell mount to use already running server */
  
+#define MNT_LABEL_LEN  16      /* Length of fs label including nul */
+
  /* Legacy definitions. */
  #define MNTNAMELEN     16      /* Length of fs type name including nul */
  #define MNTFLAGLEN     64      /* Length of flags string including nul */
diff --git a/lib/libc/sys-minix/mount.c b/lib/libc/sys-minix/mount.c

index e9609f92bc36b170731f1987fec474539a729575..1224e27177ca021b4cf1a01e851e892240f16b6d 100644 (file)
--- a/lib/libc/sys-minix/mount.c
+++ b/lib/libc/sys-minix/mount.c
@@ -39,7 +39,7 @@ int mountflags, srvflags;
    int r;
    message m;
    struct stat statbuf;
-  char label[16];
+  char label[MNT_LABEL_LEN];
    char path[PATH_MAX];
    char cmd[200];
    char *p;
@@ -75,24 +75,24 @@ int mountflags, srvflags;
                         errno = EINVAL;
                         return -1;
                 }
-               sprintf(label, "fs_%.12s", p);
+               snprintf(label, MNT_LABEL_LEN, "fs_%.12s", p);
         } else {
                 /* check for a rslabel option in the arguments and try to use 
                  * that. 
                  */
                 rslabel = find_rslabel(args);
                 if (rslabel != NULL){
-                       snprintf(label,16,"%s",rslabel);
+                       snprintf(label, MNT_LABEL_LEN, "%s", rslabel);
                         free(rslabel);
                 } else {
                         if (stat(name, &statbuf) < 0) return -1;
-                       sprintf(label, "fs_%04x%llx", statbuf.st_dev, statbuf.st_ino);
+                       snprintf(label, MNT_LABEL_LEN, "fs_%llx_%llx", statbuf.st_dev, statbuf.st_ino);
                 }
         }
    } else {
                 /* label to long? */
-               if (strlen(type) < 16) {
-                       sprintf(label, "%s", type);
+               if (strlen(type) < MNT_LABEL_LEN) {
+                       snprintf(label, MNT_LABEL_LEN, "%s", type);
                 } else {
                         errno = ENOMEM;
                         return -1;
@@ -174,7 +174,7 @@ int umount(name, srvflags)
  const char *name;
  int srvflags;
  {
-  char label[16];
+  char label[MNT_LABEL_LEN];
    message m;
    int r;
author	Lionel Sambuc <lionel@minix3.org>
	Tue, 19 Nov 2013 14:26:47 +0000 (15:26 +0100)
committer	Lionel Sambuc <lionel@minix3.org>
	Sun, 2 Mar 2014 11:28:32 +0000 (12:28 +0100)
include/minix/mount.h		patch \| blob \| history
lib/libc/sys-minix/mount.c		patch \| blob \| history