[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 5/7] tools/xenpmd: fix possible '\0' truncation

To: xen-devel@xxxxxxxxxxxxx
From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 5 Apr 2018 03:50:53 +0200
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 05 Apr 2018 01:51:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

gcc-8 complains:
    xenpmd.c:207:9: error: 'strncpy' specified bound 32 equals destination size 
[-Werror=stringop-truncation]
             strncpy(info->oem_info, attrib_value, 32);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    xenpmd.c:201:9: error: 'strncpy' specified bound 32 equals destination size 
[-Werror=stringop-truncation]
             strncpy(info->battery_type, attrib_value, 32);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    xenpmd.c:195:9: error: 'strncpy' specified bound 32 equals destination size 
[-Werror=stringop-truncation]
             strncpy(info->serial_number, attrib_value, 32);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    xenpmd.c:189:9: error: 'strncpy' specified bound 32 equals destination size 
[-Werror=stringop-truncation]
             strncpy(info->model_number, attrib_value, 32);
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copy 31 chars, then make sure terminating '\0' is present. Those fields
are passed to strlen and as '%s' for snprintf later.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
---
 tools/xenpmd/xenpmd.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tools/xenpmd/xenpmd.c b/tools/xenpmd/xenpmd.c
index 689c8fd..56412a9 100644
--- a/tools/xenpmd/xenpmd.c
+++ b/tools/xenpmd/xenpmd.c
@@ -186,25 +186,29 @@ void set_attribute_battery_info(char *attrib_name,
 
     if ( strstr(attrib_name, "model number") ) 
     {
-        strncpy(info->model_number, attrib_value, 32);
+        strncpy(info->model_number, attrib_value, 31);
+        info->model_number[31] = '\0';
         return;
     }
 
     if ( strstr(attrib_name, "serial number") ) 
     {
-        strncpy(info->serial_number, attrib_value, 32);
+        strncpy(info->serial_number, attrib_value, 31);
+        info->serial_number[31] = '\0';
         return;
     }
 
     if ( strstr(attrib_name, "battery type") ) 
     {
-        strncpy(info->battery_type, attrib_value, 32);
+        strncpy(info->battery_type, attrib_value, 31);
+        info->battery_type[31] = '\0';
         return;
     }
 
     if ( strstr(attrib_name, "OEM info") ) 
     {
-        strncpy(info->oem_info, attrib_value, 32);
+        strncpy(info->oem_info, attrib_value, 31);
+        info->oem_info[31] = '\0';
         return;
     }
 
-- 
git-series 0.9.1

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH 0/7] Fix warnings found by gcc 8
  - From: Marek Marczykowski-Górecki

Prev by Date: [Xen-devel] [PATCH 2/7] tools/misc: fix hypothetical buffer overflow in xen-lowmemd
Next by Date: [Xen-devel] [PATCH 6/7] tools/gdbsx: fix -Wstringop-truncation warning
Previous by thread: [Xen-devel] [PATCH 2/7] tools/misc: fix hypothetical buffer overflow in xen-lowmemd
Next by thread: [Xen-devel] [PATCH 6/7] tools/gdbsx: fix -Wstringop-truncation warning
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.