| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <efb6a29fef0e4ca1845956701f670b4b@AcuMS.aculab.com>
Date: Mon, 30 Nov 2020 09:18:59 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Stephen Hemminger' <stephen@...workplumber.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [PATCH 4/5] misc: fix compiler warning in ifstat and nstat
From: Stephen Hemminger
> Sent: 30 November 2020 00:22
>
> The code here was doing strncpy() in a way that causes gcc 10
> warning about possible string overflow. Just use strlcpy() which
> will null terminate and bound the string as expected.
>
> This has existed since start of git era so no Fixes tag.
>
> Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
> ---
> misc/ifstat.c | 2 +-
> misc/nstat.c | 3 +--
> 2 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/misc/ifstat.c b/misc/ifstat.c
> index c05183d79a13..d4a33429dc50 100644
> --- a/misc/ifstat.c
> +++ b/misc/ifstat.c
> @@ -251,7 +251,7 @@ static void load_raw_table(FILE *fp)
> buf[strlen(buf)-1] = 0;
> if (info_source[0] && strcmp(info_source, buf+1))
> source_mismatch = 1;
> - strncpy(info_source, buf+1, sizeof(info_source)-1);
> + strlcpy(info_source, buf+1, sizeof(info_source));
> continue;
ISTM that once it has done a strlen() it ought to use the length
for the later copy.
I don't seem to have the source file (I'm guessing it isn't in the
normal repo), but is that initial strlen() guaranteed not to return
zero?
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists