From 2a224653df93c4b3a6b3914509f314196ad61008 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Tue, 31 Mar 2015 09:50:44 +0200
Subject: features/changelog: fix possible illegal memory access (CID 1288819)

Coverity CID 1288819

strncpy executed with a limit equal to the target array
size potentially leaves the target string not null terminated.
Make sure the copied string is a valid 0 terminated string.

Change-Id: Ie2d2970f37840146aa18724be3b89e93194c8160
BUG: 789278
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-on: http://review.gluster.org/10062
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
---
 xlators/features/changelog/lib/src/gf-changelog-journal-handler.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'xlators/features')

diff --git a/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c b/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c
index 538a7faff68..c4e14708b5f 100644
--- a/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c
+++ b/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c
@@ -947,7 +947,8 @@ gf_changelog_journal_init (void *xl, struct gf_brick_spec *brick)
                 goto dealloc_private;
         }
 
-        (void) strncpy (jnl->jnl_brickpath, brick->brick_path, PATH_MAX);
+        (void) strncpy (jnl->jnl_brickpath, brick->brick_path, PATH_MAX-1);
+        jnl->jnl_brickpath[PATH_MAX-1] = 0;
 
         /* RFC 3986 {de,en}coding */
         for (i = 0; i < 256; i++) {
-- 
cgit