* amd/nfs_subr.c (fh_to_mp3): strncpy may not null terminate if

copying exactly len bytes, so add null just to be safe.

the memset can be removed because strncpy() should padd the

diff --git a/ChangeLog b/ChangeLog
index ba95af50335a1bad4e274f829f7ef6d734c4d839..efc105ce010debf4d85233c572d9afaa753b651a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2005-03-31  Erez Zadok  <ezk@cs.sunysb.edu>
+
+       * amd/nfs_subr.c (fh_to_mp3): strncpy may not null terminate if
+       copying exactly len bytes, so add null just to be safe.
+
 2005-03-30  Daniel P. Ottavio  <dottavio@ic.sunysb.edu>
 
        * amd/nfs_subr.c (fh_to_mp3): Increased the n of strncpy()
@@ -6,7 +11,7 @@
 2005-03-29  Daniel P. Ottavio  <dottavio@ic.sunysb.edu>
 
        * amd/nfs_subr.c (fh_to_mp3): Fix memset bug. In this case
-       the memset can be removed because strncpy() should padd the 
+       the memset can be removed because strncpy() should padd the
        buffer with NULLs anyway.
 
 2005-03-21  Rainer Orth  <ro@TechFak.Uni-Bielefeld.DE>

diff --git a/amd/nfs_subr.c b/amd/nfs_subr.c
index c2988669efb58bc339736b6242b9c782aa59b7e4..a4ec4f44c4164250ec604b7aeac6ec6e301077ac 100644 (file)
--- a/amd/nfs_subr.c
+++ b/amd/nfs_subr.c
@@ -37,7 +37,7 @@
  * SUCH DAMAGE.
  *
  *
- * $Id: nfs_subr.c,v 1.25 2005/03/30 13:48:33 ottavio Exp $
+ * $Id: nfs_subr.c,v 1.26 2005/03/31 21:59:43 ezk Exp $
  *
  */
 
@@ -614,8 +614,10 @@ fh_to_mp3(am_nfs_fh *fhp, int *rp, int vop)
 
   if (fp->fhh_type != 0) {
     /* New filehandle type */
-    char *path = xmalloc(sizeof(*fhp) + 1);
-    strncpy(path, (char *) fhp, sizeof(*fhp) + 1);
+    int len = sizeof(*fhp);
+    char *path = xmalloc(len + 1);
+    strncpy(path, (char *) fhp, len);
+    path[len+1] = '\0';                /* just to be safe */
     /* dlog("fh_to_mp3: new filehandle: %s", path); */
 
     ap = path_to_exported_ap(path);