From 84d51a2e99277dfb728edc7c5e06273a49d197f5 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Sat, 20 Oct 2007 22:08:20 +0400
Subject: [PATCH] e2image: Fix potential off-by-one fs_device_name buffer
 overflow

In write_image_file(), fix length argument of strncat(3) call.

Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
---
 misc/e2image.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/misc/e2image.c b/misc/e2image.c
index 1fbb267..44f4897 100644
--- a/misc/e2image.c
+++ b/misc/e2image.c
@@ -126,8 +126,7 @@ static void write_image_file(ext2_filsys fs, int fd)
 	hdr.magic_number = EXT2_ET_MAGIC_E2IMAGE;
 	strcpy(hdr.magic_descriptor, "Ext2 Image 1.0");
 	gethostname(hdr.fs_hostname, sizeof(hdr.fs_hostname));
-	strncat(hdr.fs_device_name, device_name, sizeof(hdr.fs_device_name));
-	hdr.fs_device_name[sizeof(hdr.fs_device_name) - 1] = 0;
+	strncat(hdr.fs_device_name, device_name, sizeof(hdr.fs_device_name) - 1);
 	hdr.fs_blocksize = fs->blocksize;
 	
 	if (stat(device_name, &st) == 0)
-- 
1.8.3.1