Patchwork [2/2] pci: maxreadreq: ensure we don't overflow with strncpy

login
register
mail settings
Submitter Colin King
Date Nov. 6, 2012, 4:19 p.m.
Message ID <1352218770-13472-3-git-send-email-colin.king@canonical.com>
Download mbox | patch
Permalink /patch/197498/
State Accepted
Headers show

Comments

Colin King - Nov. 6, 2012, 4:19 p.m.
From: Colin Ian King <colin.king@canonical.com>

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 src/pci/maxreadreq/maxreadreq.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Keng-Yu Lin - Nov. 8, 2012, 5:53 a.m.
On Wed, Nov 7, 2012 at 12:19 AM, Colin King <colin.king@canonical.com> wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  src/pci/maxreadreq/maxreadreq.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/pci/maxreadreq/maxreadreq.c b/src/pci/maxreadreq/maxreadreq.c
> index a570b37..e5ace46 100644
> --- a/src/pci/maxreadreq/maxreadreq.c
> +++ b/src/pci/maxreadreq/maxreadreq.c
> @@ -88,7 +88,8 @@ static int maxreadreq_test1(fwts_framework *fw)
>                                 break;
>                         }
>                         snprintf(current_device, sizeof(current_device), "pci://00:%s", line);
> -                       strncpy(current_type, line+8, 511);
> +                       strncpy(current_type, line+8, sizeof(current_type)-1);
> +                       current_type[sizeof(current_type)-1] = '\0';
>                         c = strchr(current_type, ':');
>                         if (c)
>                                 *c='\0';
> --
> 1.7.10.4
>
Acked-by: Keng-Yu Lin <kengyu@canonical.com>
Alex Hung - Nov. 21, 2012, 3:39 a.m.
On 11/07/2012 12:19 AM, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>   src/pci/maxreadreq/maxreadreq.c |    3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/pci/maxreadreq/maxreadreq.c b/src/pci/maxreadreq/maxreadreq.c
> index a570b37..e5ace46 100644
> --- a/src/pci/maxreadreq/maxreadreq.c
> +++ b/src/pci/maxreadreq/maxreadreq.c
> @@ -88,7 +88,8 @@ static int maxreadreq_test1(fwts_framework *fw)
>   				break;
>   			}
>   			snprintf(current_device, sizeof(current_device), "pci://00:%s", line);
> -			strncpy(current_type, line+8, 511);
> +			strncpy(current_type, line+8, sizeof(current_type)-1);
> +			current_type[sizeof(current_type)-1] = '\0';
>   			c = strchr(current_type, ':');
>   			if (c)
>   				*c='\0';
>
Acked-by: Alex Hung <alex.hung@canonical.com>

Patch

diff --git a/src/pci/maxreadreq/maxreadreq.c b/src/pci/maxreadreq/maxreadreq.c
index a570b37..e5ace46 100644
--- a/src/pci/maxreadreq/maxreadreq.c
+++ b/src/pci/maxreadreq/maxreadreq.c
@@ -88,7 +88,8 @@  static int maxreadreq_test1(fwts_framework *fw)
 				break;
 			}
 			snprintf(current_device, sizeof(current_device), "pci://00:%s", line);
-			strncpy(current_type, line+8, 511);
+			strncpy(current_type, line+8, sizeof(current_type)-1);
+			current_type[sizeof(current_type)-1] = '\0';
 			c = strchr(current_type, ':');
 			if (c)
 				*c='\0';