libmultipath: check argument length in execute_program()

The 'path' argument of execute_program() is actually an
array with fixed length. So we should be using the same
length here to avoid overflows. And we should check the
number or arguments, too, as the list we're using is
static, too.

Signed-off-by: Hannes Reinecke <hare@suse.de>

2 files changed, 7 insertions, 14 deletions

diff --git a/libmultipath/callout.c b/libmultipath/callout.c
index 520343e..ae19051 100644
--- a/libmultipath/callout.c
+++ b/libmultipath/callout.c
@@ -17,17 +17,9 @@
 #include "checkers.h"
 #include "vector.h"
 #include "structs.h"
+#include "util.h"
 #include "debug.h"
 
-#define PROGRAM_SIZE	100
-#define FIELD_PROGRAM
-
-#define strfieldcpy(to, from) \
-do { \
-	to[sizeof(to)-1] = '\0'; \
-	strncpy(to, from, sizeof(to)-1); \
-} while (0)
-
 int execute_program(char *path, char *value, int len)
 {
 	int retval;
@@ -36,16 +28,17 @@ int execute_program(char *path, char *value, int len)
 	int fds[2], null_fd;
 	pid_t pid;
 	char *pos;
-	char arg[PROGRAM_SIZE];
-	char *argv[sizeof(arg) / 2];
+	char arg[CALLOUT_MAX_SIZE];
+	int argc = sizeof(arg) / 2;
+	char *argv[argc + 1];
 	int i;
 
 	i = 0;
 
 	if (strchr(path, ' ')) {
-		strfieldcpy(arg, path);
+		strlcpy(arg, path, sizeof(arg));
 		pos = arg;
-		while (pos != NULL) {
+		while (pos != NULL && i < argc) {
 			if (pos[0] == '\'') {
 				/* don't separate if in apostrophes */
 				pos++;
diff --git a/libmultipath/structs.h b/libmultipath/structs.h
index 78ba81e..e2d2e28 100644
--- a/libmultipath/structs.h
+++ b/libmultipath/structs.h
@@ -9,7 +9,7 @@
 #define PATH_STR_SIZE  		16
 #define PARAMS_SIZE		1024
 #define FILE_NAME_SIZE		256
-#define CALLOUT_MAX_SIZE	128
+#define CALLOUT_MAX_SIZE	256
 #define BLK_DEV_SIZE		33
 #define PATH_SIZE		512
 #define NAME_SIZE		512