Philippe Mathieu-Daudé <[email protected]> writes:
> On 03/02/2017 08:32 PM, Eric Blake wrote:
>> On 03/02/2017 03:43 PM, Markus Armbruster wrote:
>>> sd_parse_uri() truncates long VDI names silently. Reject them
>>> instead.
>>>
>>> Signed-off-by: Markus Armbruster <[email protected]>
>>> ---
>>> block/sheepdog.c | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/block/sheepdog.c b/block/sheepdog.c
>>> index deb110e..72a52a6 100644
>>> --- a/block/sheepdog.c
>>> +++ b/block/sheepdog.c
>>> @@ -985,7 +985,9 @@ static int sd_parse_uri(BDRVSheepdogState *s, const
>>> char *filename,
>>> ret = -EINVAL;
>>> goto out;
>>> }
>>> - pstrcpy(vdi, SD_MAX_VDI_LEN, uri->path + 1);
>>> + if (g_strlcpy(vdi, uri->path + 1, SD_MAX_VDI_LEN) >= SD_MAX_VDI_LEN) {
>>> + goto out;
>>> + }
>>
>> Does this need to set ret? Maybe to -EINVAL?
>>
>
> ups I missed that. what about -ENAMETOOLONG?
> bdrv callers seem to only test for 'ret < 0'.
The next patch gets rid of the error code in this function.
>>>
>>> qp = query_params_parse(uri->query);
>>> if (qp->n > 1 || (s->is_unix && !qp->n) || (!s->is_unix && qp->n)) {
>>>
>>
