Re: [spice-gtk 2/4] coverity: avoid string overflow

> 
> On Mon, Apr 4, 2016 at 9:59 AM, Fabiano Fidêncio <fidencio@xxxxxxxxxx> wrote:
> > sockaddr_un.sun_path has 108 bytes, while pipe_name has
> > PIPE_NAME_MAX_LEN (256 bytes)
> > ---
> >  src/controller/test.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> > diff --git a/src/controller/test.c b/src/controller/test.c
> > index 9a45581..649aca5 100644
> > --- a/src/controller/test.c
> > +++ b/src/controller/test.c
> > @@ -233,6 +233,12 @@ int main (int argc, char *argv[])
> >      snprintf (pipe_name, PIPE_NAME_MAX_LEN, PIPE_NAME);

So changing PIPE_NAME_MAX_LEN here to something like MIN(PIPE_NAME_MAX_LEN, sizeof(remote.sun_path))
would work too.

> >      printf ("Creating a controller connection %s\n", pipe_name);
> >      struct sockaddr_un remote;
> > +
> > +    if (strlen(pipe_name) + 1 > sizeof(remote.sun_path)) {
> > +        printf ("address is too long for unix socket_path: %s",
> > pipe_name);
> > +        return -1;
> > +    }
> > +
> >      if ((sock = socket (AF_UNIX, SOCK_STREAM, 0)) == -1) {
> >          printf ("Could not open socket, (%d) %s\n", errno,
> >          strerror(errno));
> >          return -1;
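
Review bot: the printf in the added length check has no trailing "\n", unlike the "Creating a controller connection %s\n" and "Could not open socket, (%d) %s\n" messages around it, so the error text will run into whatever is printed next; end the format string with "\n". The comparison strlen(pipe_name) + 1 > sizeof(remote.sun_path) correctly counts the terminating NUL. The copy into remote.sun_path is not in the visible context, so confirm it happens after this check rather than before it.
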
> > --
> > 2.7.3
> >
> 
> ping?

By the way... code is only for a test and PIPE_NAME is "/tmp/test",
IMHO the coverity report should be marked as "Intentional", "ignore"

Frediano
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
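
The two approaches discussed in this thread (rejecting an over-long path, as the patch does, versus bounding the copy by sizeof(sun_path), as the reply suggests) are shown side by side below. This is an added example, not code from spice-gtk; the function names unix_addr_strict and unix_addr_truncating and the long sample path are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Strict variant (hypothetical helper): fill *addr from path, or fail with
 * ENAMETOOLONG. Returns 0 on success, -1 on error. Nothing is truncated. */
int unix_addr_strict(struct sockaddr_un *addr, const char *path)
{
    size_t len = strlen(path);

    if (len + 1 > sizeof(addr->sun_path)) {   /* +1 for the terminating NUL */
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, len + 1);
    return 0;
}

/* Truncating variant (hypothetical helper): bound the copy with snprintf.
 * Returns 0 if the path fit, 1 if it was shortened to fit sun_path. */
int unix_addr_truncating(struct sockaddr_un *addr, const char *path)
{
    int n;

    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s", path);
    return (n < 0 || (size_t)n >= sizeof(addr->sun_path)) ? 1 : 0;
}

int main(void)
{
    struct sockaddr_un a;
    char longpath[256];                       /* constructed sample input */

    memset(longpath, 'x', sizeof(longpath) - 1);
    longpath[0] = '/';
    longpath[sizeof(longpath) - 1] = '\0';

    printf("strict short: %d\n", unix_addr_strict(&a, "/tmp/test"));
    printf("strict long:  %d\n", unix_addr_strict(&a, longpath));
    printf("trunc long:   %d (len now %zu)\n",
           unix_addr_truncating(&a, longpath), strlen(a.sun_path));
    return 0;
}
```

Both variants keep the write inside sun_path; the truncating one ends up with a different, shorter address than the caller asked for, which is why it reports that case through its return value.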



