Message ID | 20200106160705.10899-9-acme@kernel.org |
---|---|
State | Not Applicable |
Delegated to: | BPF Maintainers |
Headers | show |
Series | None | expand |
On Mon 2020-01-06 13:06:53, Arnaldo Carvalho de Melo wrote: > From: Andrey Zhizhikin <andrey.z@gmail.com> > > GCC9 introduced string hardening mechanisms, which exhibits the error > during fs api compilation: > > error: '__builtin_strncpy' specified bound 4096 equals destination size > [-Werror=stringop-truncation] > > This comes when the length of copy passed to strncpy is is equal to > destination size, which could potentially lead to buffer overflow. > > There is a need to mitigate this potential issue by limiting the size of > destination by 1 and explicitly terminate the destination with NULL. > > Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com> > Reviewed-by: Petr Mladek <pmladek@suse.com> > Acked-by: Jiri Olsa <jolsa@kernel.org> > Cc: Alexei Starovoitov <ast@kernel.org> > Cc: Andrii Nakryiko <andriin@fb.com> > Cc: Daniel Borkmann <daniel@iogearbox.net> > Cc: Kefeng Wang <wangkefeng.wang@huawei.com> > Cc: Martin KaFai Lau <kafai@fb.com> > Cc: Petr Mladek <pmladek@suse.com> > Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> > Cc: Song Liu <songliubraving@fb.com> > Cc: Yonghong Song <yhs@fb.com> > Cc: bpf@vger.kernel.org > Cc: netdev@vger.kernel.org > Link: http://lore.kernel.org/lkml/20191211080109.18765-1-andrey.zhizhikin@leica-geosystems.com > Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Reviewed-by: Petr Mladek <pmladek@suse.com> Best Regards, Petr
diff --git a/tools/lib/api/fs/fs.c b/tools/lib/api/fs/fs.c index 11b3885e833e..027b18f7ed8c 100644 --- a/tools/lib/api/fs/fs.c +++ b/tools/lib/api/fs/fs.c @@ -210,6 +210,7 @@ static bool fs__env_override(struct fs *fs) size_t name_len = strlen(fs->name); /* name + "_PATH" + '\0' */ char upper_name[name_len + 5 + 1]; + memcpy(upper_name, fs->name, name_len); mem_toupper(upper_name, name_len); strcpy(&upper_name[name_len], "_PATH"); @@ -219,7 +220,8 @@ static bool fs__env_override(struct fs *fs) return false; fs->found = true; - strncpy(fs->path, override_path, sizeof(fs->path)); + strncpy(fs->path, override_path, sizeof(fs->path) - 1); + fs->path[sizeof(fs->path) - 1] = '\0'; return true; }