From 08cd7083cac4bddf88459efa0881ee52858e7d0a Mon Sep 17 00:00:00 2001
From: Christian Marangi <ansuelsmth@gmail.com>
Date: Mon, 22 Jan 2024 01:41:24 +0100
Subject: [PATCH] libfstools: fit: improve fit_volume_find string handling

While string are hardcoded and it's impossible to overflow it, make the
string handling more secure to mute Coverity Scan report by using
strncpy and adding a define for the max size of the DEVPATHSTR.

Fix Coverity Scan CID 1586643:  Security best practices violations
(STRING_OVERFLOW).

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
 libfstools/fit.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libfstools/fit.c b/libfstools/fit.c
index b0da854..a8f0c66 100644
--- a/libfstools/fit.c
+++ b/libfstools/fit.c
@@ -3,6 +3,7 @@
 #include "common.h"
 
 #define BUFLEN 64
+#define DEVPATHSTR_SIZE 15
 
 static const char *const fit0 = "/dev/fit0";
 static const char *const fitrw = "/dev/fitrw";
@@ -15,7 +16,7 @@ struct devpath {
 struct fit_volume {
 	struct volume v;
 	union {
-		char devpathstr[16];
+		char devpathstr[DEVPATHSTR_SIZE+1];
 		struct devpath devpath;
 	} dev;
 };
@@ -79,7 +80,7 @@ static struct volume *fit_volume_find(char *name)
 	if (!p)
 		return NULL;
 
-	strcpy(p->dev.devpathstr, fname);
+	strncpy(p->dev.devpathstr, fname, DEVPATHSTR_SIZE);
 	p->v.drv = &fit_driver;
 	p->v.blk = p->dev.devpathstr;
 	p->v.name = name;
-- 
2.30.2