Re: [PATCH 3/6] osm_console_io.c: To avoid potential no NUL-terminated strncpy

Hal Rosenstock <hal@xxxxxxxxxxxxxxxxxx> · Wed, 25 Jul 2018 07:59:40 -0400

On 7/19/2018 10:50 PM, Honggang LI wrote:
> From: Honggang Li <honli@xxxxxxxxxx>
> 
> The default string of opt-console is OSM_DEFAULT_CONSOLE, which equal
> "off". It is safe to copy 32 bites in ‘osm_console_init’, when the
> 'console' field was initialized with default value. But this minor fix
> avoid potential no NUL-terminated strncpy.
> 
> make[2]: Entering directory '/home/honli/upstream-repos/opensm/opensm'
> depbase=`echo osm_console_io.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
> gcc -DHAVE_CONFIG_H -I. -I../include -I../include/opensm  -I./../include -I./../../libibumad/include -I/usr/local/include   -Werror -Wall -Wwrite-strings -g -D_XOPEN_SOURCE=600 -D_DEFAULT_SOURCE=1 -g -O2 -MT osm_console_io.o -MD -MP -MF $depbase.Tpo -c -o osm_console_io.o osm_console_io.c &&\
> mv -f $depbase.Tpo $depbase.Po
> osm_console_io.c: In function ‘osm_console_init’:
> osm_console_io.c:186:2: error: ‘strncpy’ specified bound 32 equals destination size [-Werror=stringop-truncation]
>   strncpy(p_oct->client_type, opt->console, sizeof(p_oct->client_type));
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> 
> Signed-off-by: Honggang Li <honli@xxxxxxxxxx>
> ---
>  opensm/osm_console_io.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/opensm/osm_console_io.c b/opensm/osm_console_io.c
> index e358a55cd5d8..f82bf9cf65f0 100644
> --- a/opensm/osm_console_io.c
> +++ b/opensm/osm_console_io.c
> @@ -182,8 +182,11 @@ void osm_console_prompt(FILE * out)
>  
>  int osm_console_init(osm_subn_opt_t * opt, osm_console_t * p_oct, osm_log_t * p_log)
>  {
> +	int cnt = strlen(opt->console);
>  	p_oct->socket = -1;
> -	strncpy(p_oct->client_type, opt->console, sizeof(p_oct->client_type));
> +	if (strlen(opt->console) > sizeof(p_oct->client_type)-1)
> +		cnt = sizeof(p_oct->client_type)-1;
> +	strncpy(p_oct->client_type, opt->console, cnt);
>  
>  	/* set up the file descriptors for the console */
>  	if (strcmp(opt->console, OSM_LOCAL_CONSOLE) == 0) {

A slightly different approach to solve this in patch to be posted shortly.

-- Hal

--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html