libmultipath: Fix buffer overflow in parse_vpd_pg80()
authorMartin Wilck <mwilck@suse.com>
Mon, 24 Jun 2019 09:27:41 +0000 (11:27 +0200)
committerChristophe Varoqui <christophe.varoqui@opensvc.com>
Wed, 3 Jul 2019 06:31:26 +0000 (08:31 +0200)
We set out[len] = '\0' later, thus we should set len to no more then
out_len - 1.

Fixes: 756ef73b7197 "Separate out vpd parsing functions"
Signed-off-by: Martin Wilck <mwilck@suse.com>
libmultipath/discovery.c

index f360e30..89c4d2a 100644 (file)
@@ -913,7 +913,7 @@ parse_vpd_pg80(const unsigned char *in, char *out, size_t out_len)
        if (len >= out_len) {
                condlog(2, "vpd pg80 overflow, %d/%d bytes required",
                        len, (int)out_len);
-               len = out_len;
+               len = out_len - 1;
        }
        if (len > 0) {
                memcpy(out, in + 4, len);