[ofa-general] [PATCH] Fix potential buffer overflow in umad_get_cas_names()
Arne Redlich
arne.redlich at xiranet.com
Fri Sep 7 06:36:12 PDT 2007
umad_get_cas_names() currently ignores the max parameter - fix this.
Signed-off-by: Arne Redlich <arne.redlich at xiranet.com>
---
diff --git a/libibumad/src/umad.c b/libibumad/src/umad.c
index a6446bf..787aa92 100644
--- a/libibumad/src/umad.c
+++ b/libibumad/src/umad.c
@@ -519,11 +519,12 @@ umad_get_cas_names(char cas[][UMAD_CA_NAME_LEN], int max)
n = scandir(SYS_INFINIBAND, &namelist, 0, alphasort);
if (n > 0) {
for (i = 0; i < n; i++) {
- if (!strcmp(namelist[i]->d_name, ".") ||
- !strcmp(namelist[i]->d_name, "..")) {
- } else
- strncpy(cas[j++], namelist[i]->d_name,
- UMAD_CA_NAME_LEN);
+ if (strcmp(namelist[i]->d_name, ".") &&
+ strcmp(namelist[i]->d_name, "..")) {
+ if (j < max)
+ strncpy(cas[j++], namelist[i]->d_name,
+ UMAD_CA_NAME_LEN);
+ }
free(namelist[i]);
}
DEBUG("return %d cas", j);
--
1.5.2.1
More information about the general
mailing list