[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings
From: |
Samuel Thibault |
Subject: |
Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings |
Date: |
Tue, 14 Aug 2018 09:34:12 +0200 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
Joan Lledó, le sam. 11 août 2018 18:17:10 +0200, a ecrit:
> GCC 8 new warning -Wstringop-truncation detected some buffer overflows.
>
> * lwip/options.c (parse_opt): Fix the buffer overflow.
> * lwip/pfinet-ops.c (dev_ifconf): Likewise.
> ---
> lwip/options.c | 2 +-
> lwip/pfinet-ops.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lwip/options.c b/lwip/options.c
> index 6591ac52..d35b9f32 100644
> --- a/lwip/options.c
> +++ b/lwip/options.c
> @@ -133,7 +133,7 @@ parse_opt (int opt, char *arg, struct argp_state *state)
> }
> in = h->curint;
>
> - strncpy (in->dev_name, arg, DEV_NAME_LEN);
> + strncpy (in->dev_name, arg, sizeof(in->dev_name)-1);
Mmm, but if arg is longer than the given size and doesn't contain a \0,
in->dev_name will not contain one either?
> break;
>
> case 'a':
> diff --git a/lwip/pfinet-ops.c b/lwip/pfinet-ops.c
> index 56b7dcd1..1af2a3fe 100644
> --- a/lwip/pfinet-ops.c
> +++ b/lwip/pfinet-ops.c
> @@ -61,7 +61,7 @@ dev_ifconf (struct ifconf *ifc)
> memset (ifr, 0, sizeof (struct ifreq));
>
> strncpy (ifr->ifr_name, netif_get_state (netif)->devname,
> - strlen (netif_get_state (netif)->devname) + 1);
> + sizeof (ifr->ifr_name)-1);
Similarly.
Samuel