From 1e1244c36b6158e9701df180b95fab10b0c752fb Mon Sep 17 00:00:00 2001
From: Tianhua Sun <tianhuax.s.sun@intel.com>
Date: Tue, 11 Jun 2019 10:22:27 +0800
Subject: [PATCH] dm: use strncpy to replace strcpy

Use strncpy instead of strcpy to avoid buf overflow.
Fix strncpy null-terminated issues.

Tracked-On: #3245
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
---
 devicemodel/hw/pci/virtio/virtio_audio.c        | 1 +
 devicemodel/hw/pci/virtio/virtio_console.c      | 6 ++++--
 devicemodel/hw/pci/virtio/virtio_hyper_dmabuf.c | 1 +
 devicemodel/hw/pci/virtio/virtio_net.c          | 4 +++-
 devicemodel/hw/pci/virtio/virtio_rnd.c          | 1 +
 5 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/devicemodel/hw/pci/virtio/virtio_audio.c b/devicemodel/hw/pci/virtio/virtio_audio.c
index b03f6647a..50d6566bd 100644
--- a/devicemodel/hw/pci/virtio/virtio_audio.c
+++ b/devicemodel/hw/pci/virtio/virtio_audio.c
@@ -121,6 +121,7 @@ virtio_audio_kernel_dev_set(struct vbs_dev_info *kdev, const char *name,
 {
 	/* init kdev */
 	strncpy(kdev->name, name, VBS_NAME_LEN);
+	kdev->name[VBS_NAME_LEN - 1] = '\0';
 	kdev->vmid = vmid;
 	kdev->nvq = nvq;
 	kdev->negotiated_features = feature;
diff --git a/devicemodel/hw/pci/virtio/virtio_console.c b/devicemodel/hw/pci/virtio/virtio_console.c
index 9d161c48b..7369ca818 100644
--- a/devicemodel/hw/pci/virtio/virtio_console.c
+++ b/devicemodel/hw/pci/virtio/virtio_console.c
@@ -625,7 +625,8 @@ virtio_console_accept_new_connection(int fd __attribute__((unused)),
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
-	strcpy(addr.sun_path, be->portpath);
+	strncpy(addr.sun_path, be->portpath, sizeof(addr.sun_path));
+	addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
 
 	len = sizeof(addr);
 	accepted_fd = accept(be->fd, (struct sockaddr *)&addr, &len);
@@ -728,7 +729,8 @@ virtio_console_config_backend(struct virtio_console_backend *be)
 
 		memset(&addr, 0, sizeof(addr));
 		addr.sun_family = AF_UNIX;
-		strcpy(addr.sun_path, be->portpath);
+		strncpy(addr.sun_path, be->portpath, sizeof(addr.sun_path));
+		addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
 
 		if (be->socket_type == NULL || !strcmp(be->socket_type,"server")) {
 			unlink(be->portpath);
diff --git a/devicemodel/hw/pci/virtio/virtio_hyper_dmabuf.c b/devicemodel/hw/pci/virtio/virtio_hyper_dmabuf.c
index fd07c7ca9..18c563075 100644
--- a/devicemodel/hw/pci/virtio/virtio_hyper_dmabuf.c
+++ b/devicemodel/hw/pci/virtio/virtio_hyper_dmabuf.c
@@ -116,6 +116,7 @@ virtio_hyper_dmabuf_k_dev_set(const char *name, int vmid, int nvq,
 {
 	/* init kdev */
 	strncpy(kdev.name, name, VBS_NAME_LEN);
+	kdev.name[VBS_NAME_LEN - 1] = '\0';
 	kdev.vmid = vmid;
 	kdev.nvq = nvq;
 	kdev.negotiated_features = feature;
diff --git a/devicemodel/hw/pci/virtio/virtio_net.c b/devicemodel/hw/pci/virtio/virtio_net.c
index 877e14065..19241104f 100644
--- a/devicemodel/hw/pci/virtio/virtio_net.c
+++ b/devicemodel/hw/pci/virtio/virtio_net.c
@@ -652,8 +652,10 @@ virtio_net_tap_open(char *devname)
 	memset(&ifr, 0, sizeof(ifr));
 	ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
 
-	if (*devname)
+	if (*devname) {
 		strncpy(ifr.ifr_name, devname, IFNAMSIZ);
+		ifr.ifr_name[IFNAMSIZ - 1] = '\0';
+	}
 
 	rc = ioctl(tunfd, TUNSETIFF, (void *)&ifr);
 	if (rc < 0) {
diff --git a/devicemodel/hw/pci/virtio/virtio_rnd.c b/devicemodel/hw/pci/virtio/virtio_rnd.c
index a9092836a..84146b2a1 100644
--- a/devicemodel/hw/pci/virtio/virtio_rnd.c
+++ b/devicemodel/hw/pci/virtio/virtio_rnd.c
@@ -217,6 +217,7 @@ virtio_rnd_kernel_dev_set(struct vbs_dev_info *kdev, const char *name,
 
 	/* init kdev */
 	strncpy(kdev->name, name, VBS_NAME_LEN);
+	kdev->name[VBS_NAME_LEN - 1] = '\0';
 	kdev->vmid = vmid;
 	kdev->nvq = nvq;
 	kdev->negotiated_features = feature;