libblkid-tiny: fix buffer overflow

Copying device name into a fixed-length buffer is problematic as
the name can be longer than the buffer, resulting in subsequent fields
getting corrupted and potentially even worse things.
Drop strcpy of device name and use of the copied value as it is known
anyway.

Before this fix:
/dev/mapper/owrt--volumes--e093cc66-rw_test: UUID="c66-rw_test" LABEL="test" VERSION="1.14" TYPE="f2fs"

After this fix:
/dev/mapper/owrt--volumes--e093cc66-rw_test: UUID="5eda3e52-3427-493a-a6d6-ffdb5a5836fd" LABEL="test" VERSION="1.14" TYPE="f2fs"

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

2 files changed, 2 insertions, 5 deletions

diff --git a/libblkid-tiny/libblkid-tiny.c b/libblkid-tiny/libblkid-tiny.c
index 52470ca..18db4ef 100644
--- a/libblkid-tiny/libblkid-tiny.c
+++ b/libblkid-tiny/libblkid-tiny.c
@@ -226,7 +226,6 @@ int probe_block(char *block, struct blkid_struct_probe *pr)
 			DEBUG("probing %s\n", idinfos[i]->name);
 			pr->err = idinfos[i]->probefunc(pr, mag);
 			pr->id = idinfos[i];
-			strcpy(pr->dev, block);
 			if (!pr->err)
 				break;
 		}
diff --git a/probe.c b/probe.c
index 3ed7a7d..ab1bc61 100644
--- a/probe.c
+++ b/probe.c
@@ -31,16 +31,14 @@ probe_path_tiny(const char *path)
 	if (probe_block((char *)path, pr) == 0 && pr->id && !pr->err) {
 		info = calloc_a(sizeof(*info),
 		                &type,    strlen(pr->id->name) + 1,
-		                &dev,     strlen(pr->dev)      + 1,
+		                &dev,     strlen(path)         + 1,
 		                &uuid,    strlen(pr->uuid)     + 1,
 		                &label,   strlen(pr->label)    + 1,
 		                &version, strlen(pr->version)  + 1);
 
 		if (info) {
 			info->type = strcpy(type, pr->id->name);
-
-			if (pr->dev[0])
-				info->dev = strcpy(dev, pr->dev);
+			info->dev = strcpy(dev, path);
 
 			if (pr->uuid[0])
 				info->uuid = strcpy(uuid, pr->uuid);