Message ID | 20200405094444.10341-1-sbabic@denx.de |
---|---|
State | Changes Requested |
Series | Fix coverity #292212 | expand |
On 05/04/20 11:44, Stefano Babic wrote: > CID 292212 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING) > 13. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes > on destination array swcomp->version of size 256 bytes might leave > the destination string unterminated. > > Signed-off-by: Stefano Babic <sbabic@denx.de> > --- > core/artifacts_versions.c | 5 +++++ > include/util.h | 1 + > 2 files changed, 6 insertions(+) > > diff --git a/core/artifacts_versions.c b/core/artifacts_versions.c > index dc5e496..022397a 100644 > --- a/core/artifacts_versions.c > +++ b/core/artifacts_versions.c > @@ -56,11 +56,16 @@ static int read_sw_version_file(struct swupdate_cfg *sw) > ret = fscanf(fp, "%ms %ms", &name, &version); > /* pair component / version found */ > if (ret == 2) { > + /* > + * Check bounds > + */ > swcomp = (struct sw_version *)calloc(1, sizeof(struct sw_version)); > if (!swcomp) { > ERROR("Allocation error"); > return -ENOMEM; > } > + SWUPDATE_TRUNC_STRING(name, sizeof(swcomp->name) - 1); > + SWUPDATE_TRUNC_STRING(version, sizeof(swcomp->version) - 1); > strncpy(swcomp->name, name, sizeof(swcomp->name)); Check above + copy is provided by strlcpy() from FreeBSD, import it here. It makes easier to fix all of them (strncpy --> strlcpy). Stefano > strncpy(swcomp->version, version, sizeof(swcomp->version)); > LIST_INSERT_HEAD(&sw->installed_sw_list, swcomp, next); > diff --git a/include/util.h b/include/util.h > index f397113..2d17f83 100644 > --- a/include/util.h > +++ b/include/util.h > @@ -26,6 +26,7 @@ > > #define HWID_REGEXP_PREFIX "#RE:" > #define SWUPDATE_ALIGN(A,S) (((A) + (S) - 1) & ~((S) - 1)) > +#define SWUPDATE_TRUNC_STRING(s, maxlen) if (strlen(s) > maxlen) s[maxlen] = '\0' > > extern int loglevel; > >
diff --git a/core/artifacts_versions.c b/core/artifacts_versions.c
index dc5e496..022397a 100644
--- a/core/artifacts_versions.c
+++ b/core/artifacts_versions.c
@@ -56,11 +56,16 @@ static int read_sw_version_file(struct swupdate_cfg *sw)
 ret = fscanf(fp, "%ms %ms", &name, &version);
 /* pair component / version found */
 if (ret == 2) {
+ /*
+ * Check bounds
+ */
 swcomp = (struct sw_version *)calloc(1, sizeof(struct sw_version));
 if (!swcomp) {
 ERROR("Allocation error");
 return -ENOMEM;
 }
+ SWUPDATE_TRUNC_STRING(name, sizeof(swcomp->name) - 1);
+ SWUPDATE_TRUNC_STRING(version, sizeof(swcomp->version) - 1);
 strncpy(swcomp->name, name, sizeof(swcomp->name));
 strncpy(swcomp->version, version, sizeof(swcomp->version));
 LIST_INSERT_HEAD(&sw->installed_sw_list, swcomp, next);
diff --git a/include/util.h b/include/util.h
index f397113..2d17f83 100644
--- a/include/util.h
+++ b/include/util.h
@@ -26,6 +26,7 @@
 #define HWID_REGEXP_PREFIX "#RE:"
 #define SWUPDATE_ALIGN(A,S) (((A) + (S) - 1) & ~((S) - 1))
+#define SWUPDATE_TRUNC_STRING(s, maxlen) if (strlen(s) > maxlen) s[maxlen] = '\0'
 extern int loglevel;
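Review bot: The two added `SWUPDATE_TRUNC_STRING` calls shorten an over-long component name or version silently, so the installed-software list can hold a value that differs from the file and nothing records it. In an update agent these strings presumably feed version comparisons, so a truncated entry should at least be logged, or the pair skipped, e.g. `if (strlen(version) >= sizeof(swcomp->version)) ERROR("version string too long, truncated");` ahead of the truncation. The `Check bounds` comment sits above the `calloc` and not above the lines that do the bounding; moving it next to the truncation calls would match what it describes. The body of read_sw_version_file starts and ends outside the hunk.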
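Review bot: `SWUPDATE_TRUNC_STRING` expands to a bare `if` statement with unparenthesized arguments, so at an unbraced call site followed by `else` it captures that `else`, and an argument like `p + 1` for `s` would index the wrong operand. Since it lives in a widely included header, it should be wrapped and parenthesized: `#define SWUPDATE_TRUNC_STRING(s, maxlen) do { if (strlen(s) > (maxlen)) (s)[(maxlen)] = '\0'; } while (0)`. A `static inline` function taking `char *s, size_t maxlen` would additionally avoid evaluating the arguments twice. The macro also makes util.h users depend on `strlen` being declared; whether `<string.h>` is already included there is not visible in the hunk.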
CID 292212 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING) 13. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array swcomp->version of size 256 bytes might leave the destination string unterminated. Signed-off-by: Stefano Babic <sbabic@denx.de> --- core/artifacts_versions.c | 5 +++++ include/util.h | 1 + 2 files changed, 6 insertions(+)