From 5454133fac5af90d436ece81c7fd015ab3c2d867 Mon Sep 17 00:00:00 2001
From: Christian Weisgerber
Date: Mon, 19 Oct 2020 19:06:50 +0000
Subject: Accommodate POSIX basename(3) that takes a non-const parameter and may in fact modify the string buffer. truncation check requested and ok florian@
---
 usr.sbin/vmd/vioqcow2.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/usr.sbin/vmd/vioqcow2.c b/usr.sbin/vmd/vioqcow2.c
index 678ed4f8eef..34d0f116cc4 100644
--- a/usr.sbin/vmd/vioqcow2.c
+++ b/usr.sbin/vmd/vioqcow2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vioqcow2.c,v 1.13 2019/01/10 19:21:02 deraadt Exp $ */
+/* $OpenBSD: vioqcow2.c,v 1.14 2020/10/19 19:06:49 naddy Exp $ */
 
 /*
 * Copyright (c) 2018 Ori Bernstein
@@ -145,6 +145,7 @@ virtio_qcow2_init(struct virtio_backing *file, off_t *szp, int *fd, size_t nfd)
 ssize_t
 virtio_qcow2_get_base(int fd, char *path, size_t npath, const char *dpath)
 {
+ char dpathbuf[PATH_MAX];
 char expanded[PATH_MAX];
 struct qcheader header;
 uint64_t backingoff;
@@ -186,7 +187,12 @@ virtio_qcow2_get_base(int fd, char *path, size_t npath, const char *dpath)
 return -1;
 }
 } else {
- s = dirname(dpath);
+ if (strlcpy(dpathbuf, dpath, sizeof(dpathbuf)) >=
+ sizeof(dpathbuf)) {
+ log_warnx("path too long: %s", dpath);
+ return -1;
+ }
+ s = dirname(dpathbuf);
 if (snprintf(expanded, sizeof(expanded), "%s/%s", s, path) >=
 (int)sizeof(expanded)) {
 log_warnx("path too long: %s/%s", s, path);
-- 
cgit v1.2.3
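Review bot: The copy into `dpathbuf` ahead of `dirname()` in the last hunk has no comment saying why it is there, so a later cleanup could fold it back to `dirname(dpath)`. A line above the `strlcpy` such as `/* POSIX dirname(3) may modify its argument; operate on a copy. */` would pin the intent. The declaration added in the previous hunk is sized `PATH_MAX` to match `expanded`, and the truncation check is what stops a shortened `dpath` from silently resolving to a different directory, which is worth stating in the same comment. `path` is then joined to that directory unmodified by the following `snprintf`. If it is read from the image header (that code is outside the hunk), any confinement of the backing-file location has to be applied to the joined result rather than to `dpath`. The body of `virtio_qcow2_get_base` starts and ends outside the visible hunks.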