[Sheepdog] [PATCH] sheepdog: restrict name length in struct bdrv_sd_state to SD_MAX_VDI_LEN

[MORITA Kazutaka]

Sheepdog cannot handle larger name length than SD_MAX_VDI_LEN.

Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>
---
 block/sheepdog.c |    9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index ed7e0f6..f7ea853 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -227,7 +227,7 @@ struct bdrv_sd_state {
 	int nr_dirty_data_oids;
 	uint32_t dirty_data_oids[MAX_AIO_REQS];
 
-	char *name;
+	char name[SD_MAX_VDI_LEN];
 	int is_current;
 
 	int fd;
@@ -950,7 +950,7 @@ static int sd_open(BlockDriverState *bs, const char *filename, int flags)
 	s->nr_dirty_data_oids = 0;
 
 	bs->total_sectors = s->inode.vdi_size >> 9;
-	s->name = strdup(vdi);
+	strncpy(s->name, vdi, sizeof(s->name));
 	qemu_free(buf);
 
 	QLIST_INIT(&s->pending_head);
@@ -1056,7 +1056,6 @@ static void sd_close(BlockDriverState *bs)
 	struct bdrv_sd_state *s = bs->opaque;
 
 	close(s->fd);
-	qemu_free(s->name);
 }
 
 static int sd_claim(BlockDriverState *bs)
@@ -1437,7 +1436,7 @@ static int sd_snapshot_goto(BlockDriverState *bs, const char *snapshot_id)
 {
 	struct bdrv_sd_state *s = bs->opaque;
 	struct bdrv_sd_state *old_s;
-	char vdi[256];
+	char vdi[SD_MAX_VDI_LEN];
 	char *buf = NULL;
 	uint32_t vid;
 	uint32_t snapid = 0;
@@ -1464,7 +1463,7 @@ static int sd_snapshot_goto(BlockDriverState *bs, const char *snapshot_id)
 		eprintf("Failed to allocate memory\n");
 		goto out;
 	}
-	strncpy(vdi, s->name, strlen(s->name)+1);
+	strncpy(vdi, s->name, sizeof(vdi));
 	ret = find_vdi_name(s, vdi, snapid, &vid);
 	if (ret) {
 		eprintf("Failed to find_vdi_name\n");
-- 
1.5.6.5