From c00ee906582b87aeced4b2fb0caa011edb5cbc17 Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Mon, 24 Jun 2019 11:27:41 +0200
Subject: [PATCH 4/8] libmultipath: Fix buffer overflow in parse_vpd_pg80()

We set out[len] = '\0' later, thus we should set len to no more then
out_len - 1.

Fixes: 756ef73b7197 "Separate out vpd parsing functions"
Signed-off-by: Martin Wilck <mwilck@suse.com>
---
 libmultipath/discovery.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
index 9e99d9d..416823b 100644
--- a/libmultipath/discovery.c
+++ b/libmultipath/discovery.c
@@ -999,7 +999,7 @@ parse_vpd_pg80(const unsigned char *in, char *out, size_t out_len)
 	if (len >= out_len) {
 		condlog(2, "vpd pg80 overflow, %d/%d bytes required",
 			len, (int)out_len);
-		len = out_len;
+		len = out_len - 1;
 	}
 	if (len > 0) {
 		memcpy(out, in + 4, len);
-- 
1.8.3.1