cli: print_brick_status: don't smash stack

For bricklen > 110 (i.e., 2 * fieldlen), the if-clause
would be executed 2 or more times, making strncpy write
past the end of "buf", clobbering the stack.  Rewrite,
removing unnecessary use of strncpy, strlen and decl/use
of the temporary buffer, and instead, specifying precision
via a printf-style format directive.

Coverity identified the static buffer overrun.

Change-Id: I176386e752c397dea22265de9f3c6eb631334f4f
BUG: 789278
Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-on: http://review.gluster.com/3646
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>

1 files changed, 3 insertions, 8 deletions

diff --git a/cli/src/cli-cmd-volume.c b/cli/src/cli-cmd-volume.c
index 704f9dddb7d..c0faaa07b56 100644
--- a/cli/src/cli-cmd-volume.c
+++ b/cli/src/cli-cmd-volume.c
@@ -1582,21 +1582,16 @@ int
 cli_print_brick_status (cli_volume_status_t *status)
 {
         int  fieldlen = CLI_VOL_STATUS_BRICK_LEN;
-        char buf[80] = {0,};
         int  bricklen = 0;
-        int  i = 0;
         char *p = NULL;
         int  num_tabs = 0;
 
-        bricklen = strlen (status->brick);
         p = status->brick;
+        bricklen = strlen (p);
         while (bricklen > 0) {
                 if (bricklen > fieldlen) {
-                        i++;
-                        strncpy (buf, p, min (fieldlen, (sizeof (buf)-1)));
-                        buf[strlen(buf) + 1] = '\0';
-                        cli_out ("%s", buf);
-                        p = status->brick + i * fieldlen;
+                        cli_out ("%.*s", fieldlen, p);
+                        p += fieldlen;
                         bricklen -= fieldlen;
                 } else {
                         num_tabs = (fieldlen - bricklen) / CLI_TAB_LENGTH + 1;