From fd6bbfe0701fab8eb91f3320f31bbbf00abe261a Mon Sep 17 00:00:00 2001 From: Chris Rogers Date: Mon, 12 Feb 2024 16:29:42 -0500 Subject: [PATCH] block-crypto: Fix off-by-one in keypath Commit 6ffa1d8a979e3fb959baecc71ce34eab909fb716 replaced the use of strncpy with safe_strncpy. When we calculate the length here, we calculate it up to the separator, but don't include the sep. When the string is passed to safe_strncpy, that function subtracts an extra 1 byte to make room for the null character, which ends up cutting off the last character in the path since the length was exact, and relied on the 0-initialized, statically allocated buffer to null terminate the string by default. This commit increases the length value by one before calling safe_strncpy to avoid losing the last byte of data. This essentially copies the path, including the separator which was omitted before, and then replaces the separator with a null character. Signed-off-by: Chris Rogers --- drivers/block-crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/block-crypto.c b/drivers/block-crypto.c index 93d0d7d5..fb419f2f 100644 --- a/drivers/block-crypto.c +++ b/drivers/block-crypto.c @@ -143,7 +143,7 @@ find_keyfile(char **keyfile, const char *dirs, safe_strncpy(keydir, dirs, sizeof(keydir)); dirs = NULL; } else { - size_t len = sep - dirs; + size_t len = (sep - dirs) + 1; safe_strncpy(keydir, dirs, len); dirs = sep+1; }