From patchwork Sun Apr 5 09:44:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Babic X-Patchwork-Id: 1266517 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::440; helo=mail-wr1-x440.google.com; envelope-from=swupdate+bncbcxploxj6ikrbf6ru32akgqegtg4xqy@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=E0BTk3qO; dkim-atps=neutral Received: from mail-wr1-x440.google.com (mail-wr1-x440.google.com [IPv6:2a00:1450:4864:20::440]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48w80W1mZYz9sR4 for ; Sun, 5 Apr 2020 19:44:58 +1000 (AEST) Received: by mail-wr1-x440.google.com with SMTP id 88sf3555161wrq.4 for ; Sun, 05 Apr 2020 02:44:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1586079896; cv=pass; d=google.com; s=arc-20160816; b=wz9saBcwsh/U8zoQq9ZVmsqO4/K0PgaLSz0xlUGZPiZCf82236Cabf+1FbOdIgnCYs Ve9FbJo+/yhOWMA+pYJcgxZTmEGeD7Qdcej4WBNcLqeFL4inhb+N5zVMOU6Q7Rylivyb oKUd9lR6+KpVNB4gdkGTlKJWlpV+w52E3u7MQ4GBELSwcf+33k+o2b6xX+D6JH52IDUA +Y5Ck9tv8lu1gIOTcrD3HYfzaLXjJuOPHjMHKAyqN4lxfTdc+m3sPtk6c+5qWe+NLrqc AZKJrMhA7pJOA8zl+J5VEywNo8MGVUN3o49syCXoQfUJSdFyvtGwbcpr526cenuBgfZq 0QMg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:sender:dkim-signature; bh=1e33yJrNtjuHbXEaZkaLd6QiOTGDcDsQrp2oZ4r64HE=; b=m7ypDdJ4xVJQPpbpNmLq++ntEQqc97OGHsR1tE6FtcltbHK5BYsgoM6Am7Fv5ODg2R vO4TAlBUgnxTypbjikYojAkeX5R322f1koXFnZOQ2wmk+tXm3WEAKu9tXVXSzDCtBoe1 XnE77w4f7iVL8t5eSQHz6JQVFjWhQtujhG92+NyMxydwKpllcMQvM0YxZB8iy4MSIQrF oGnxEdWkZ6FlVnqYO0hGp9YfT/pZZQEPqIqJ5f2FVbBq9or1fuZ2p4GERkeNGHM2/+Ht aHaCxg36Y7587m5Mef8WZ381JYyjDLI0nJ3mne5Vin11BqrSCaRGZT7YPU2Tww1kra2x cqyA== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:mime-version :x-original-sender:x-original-authentication-results:precedence :mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=1e33yJrNtjuHbXEaZkaLd6QiOTGDcDsQrp2oZ4r64HE=; b=E0BTk3qOMvpWuawCOe4LeLMNrx1VvbwjzRi8dvdGPgSatwPZlRpfH9MIS+Vyxof4uO 3X5EIhELx+2jrqw3diwiWBamlDUX+5rEnHY343DWC0zhJbsOOUS8dqu0RD25mg1WFRjE 4ydkq34vm1uXuDK3bKITenWL6d+ucStq4kKvwmjip8PjosbWGMopYTJS58/v9d0ImBlm aqIaUlr4ex5fNXsiRf2D2srWhFDtN1FEkHoc3fimZtsj6Ju+53pLO45UCfPGyaDVMJDq 9/6KW6MfzGP/azCc7SYl1Yhu48TSVTQblK7PRcA7jHxQ0IkRukyIqIFRNPlqWxFEQKDC k+LA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:from:to:cc:subject:date:message-id :mime-version:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=1e33yJrNtjuHbXEaZkaLd6QiOTGDcDsQrp2oZ4r64HE=; b=F+neJIechdgt2yaU8A0/wlxdElIvq2zrPKDHlLkylzhb9DDG81qBOtwHswTuyzXfqi ofLQlulAg50UNTdn3EaqAWVerBl8HQyUt7HS1Qk1uXmQ9rH7x5hBGX75486EvHZoLRyF gGPKSP98kf8v3dyNtQgkjsghrAUPdKBK5YaUECl9OgLhWzwnkKtSwet25fI6QQ3IP8cn D7oRxwS9iR8ju8REgcfgM8KAnLLBL3lvnmtX9BLXgiEVeM+nKQNZdIaNn8bPEs2bqhtb R4h+NNR8kKKBV2JCkquJCxWJnhlytfjo62pvJh1mmzZYeSOBh882D7+4t2bD0pW0uzXK EGsg== Sender: swupdate@googlegroups.com X-Gm-Message-State: AGi0PuZNa3gm/c3EJx2V1MtDU7patNWH89bEhIXPOSzshnFkz0oflUjE 21cOzai80ARvXVrVTNLK3rI= X-Google-Smtp-Source: APiQypK+ktsvIgUkeNSkXbpZiw5rF1HNYU3LZgQ3sctv+QTQxkpOAV5Xkqi617ieJ8l6lRDmLYyl6Q== X-Received: by 2002:a1c:7308:: with SMTP id d8mr17967813wmb.31.1586079895917; Sun, 05 Apr 2020 02:44:55 -0700 (PDT) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a1c:67c2:: with SMTP id b185ls4090416wmc.1.gmail; Sun, 05 Apr 2020 02:44:55 -0700 (PDT) X-Received: by 2002:a05:600c:210c:: with SMTP id u12mr594603wml.135.1586079895245; Sun, 05 Apr 2020 02:44:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586079895; cv=none; d=google.com; s=arc-20160816; b=nnWIMp1+4zC4bJRm7UUTqIT7FQ4KxxC+3k7agtfHgrEpJVj9EivQSJ/bO3wAcy53n1 vbn/bPSIB8cA+doKYQgpqi5jJRVpsED2wq7VHCY/vSzdKXNq+sukSgLmgGrpE5PXdPYb V3Lw7eQR/6xUgV6iCqkMoDGyf3VaoY2Ixhtg//t0Va1o1D1up+5uXQ83xMbLxv+ut/Dp kkGKzxK9bTZ6/iaPWyhLgc4zu0okfho/LtYjFZVmxcml++wcVXg8lVxkePq1Oot3Pl+C pkOLLGThshfg2EawJ43/igWPN6NhPL5KLUKm5cY7KouesgIHqqwMnmVBOinzkbxLRCRm /yCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=Js1hoJsETo1nG/6l3cMT/DByeY1Gzd/vAfbm+Grgsi0=; b=DXPzhKMRS9veZf0DOwsvJt9zgdHt5snHdHbsQvBcUfG2j+IfhFwQV4RIOsi6t2+SeN SpxZVUK52gCc5WLgN2HNx52e4dJOhPnyjB8BWaCJm7YEz/VwXw9Ph7ORvQEgkfTWx831 tmrgfMEWKTBeRbUXH4dA6ncxdr45EsgLniNZkzkE1f/rsg2C32AqVvBWTjn0ZlZLK+5F Q4ucq8ZE8hJLFH5AFhjdxmRJe8tEqQND1SbnYnLh/2BBPUciXOF2c8qPQLLIJ7akgDDF KbK0yhIigXS7/z87JU+Qa+5vmFXPFVN0XG7aL42YYiMba6+jNyuBYelQVjuRL31yKWpR 185A== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Received: from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.10]) by gmr-mx.google.com with ESMTPS id q2si762628wrc.2.2020.04.05.02.44.55 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 05 Apr 2020 02:44:55 -0700 (PDT) Received-SPF: neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) client-ip=212.18.0.10; Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 48w80R0fMSz1rpFv; Sun, 5 Apr 2020 11:44:55 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 48w80R0RCpz1qqkk; Sun, 5 Apr 2020 11:44:55 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id OX6G8cygWyhs; Sun, 5 Apr 2020 11:44:54 +0200 (CEST) Received: from babic.homelinux.org (host-88-217-136-221.customer.m-online.net [88.217.136.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPS; Sun, 5 Apr 2020 11:44:54 +0200 (CEST) Received: from localhost (mail.babic.homelinux.org [127.0.0.1]) by babic.homelinux.org (Postfix) with ESMTP id AFA954540555; Sun, 5 Apr 2020 11:44:54 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at babic.homelinux.org Received: from babic.homelinux.org ([127.0.0.1]) by localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3L_6vJ4LCNPU; Sun, 5 Apr 2020 11:44:52 +0200 (CEST) Received: from paperino.fritz.box (paperino.fritz.box [192.168.178.38]) by babic.homelinux.org (Postfix) with ESMTP id 634B645403BB; Sun, 5 Apr 2020 11:44:45 +0200 (CEST) From: Stefano Babic To: swupdate@googlegroups.com Cc: Stefano Babic Subject: [swupdate] [PATCH] Fix coverity #292212 Date: Sun, 5 Apr 2020 11:44:44 +0200 Message-Id: <20200405094444.10341-1-sbabic@denx.de> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-Original-Sender: sbabic@denx.de X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 212.18.0.10 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , CID 292212 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING) 13. buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array swcomp->version of size 256 bytes might leave the destination string unterminated. Signed-off-by: Stefano Babic --- core/artifacts_versions.c | 5 +++++ include/util.h | 1 + 2 files changed, 6 insertions(+) diff --git a/core/artifacts_versions.c b/core/artifacts_versions.c index dc5e496..022397a 100644 --- a/core/artifacts_versions.c +++ b/core/artifacts_versions.c @@ -56,11 +56,16 @@ static int read_sw_version_file(struct swupdate_cfg *sw) ret = fscanf(fp, "%ms %ms", &name, &version); /* pair component / version found */ if (ret == 2) { + /* + * Check bounds + */ swcomp = (struct sw_version *)calloc(1, sizeof(struct sw_version)); if (!swcomp) { ERROR("Allocation error"); return -ENOMEM; } + SWUPDATE_TRUNC_STRING(name, sizeof(swcomp->name) - 1); + SWUPDATE_TRUNC_STRING(version, sizeof(swcomp->version) - 1); strncpy(swcomp->name, name, sizeof(swcomp->name)); strncpy(swcomp->version, version, sizeof(swcomp->version)); LIST_INSERT_HEAD(&sw->installed_sw_list, swcomp, next); diff --git a/include/util.h b/include/util.h index f397113..2d17f83 100644 --- a/include/util.h +++ b/include/util.h @@ -26,6 +26,7 @@ #define HWID_REGEXP_PREFIX "#RE:" #define SWUPDATE_ALIGN(A,S) (((A) + (S) - 1) & ~((S) - 1)) +#define SWUPDATE_TRUNC_STRING(s, maxlen) if (strlen(s) > maxlen) s[maxlen] = '\0' extern int loglevel;