Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings

From:	Samuel Thibault
Subject:	Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings
Date:	Tue, 14 Aug 2018 09:34:12 +0200
User-agent:	NeoMutt/20170113 (1.7.2)

Joan Lledó, le sam. 11 août 2018 18:17:10 +0200, a ecrit:
> GCC 8 new warning -Wstringop-truncation detected some buffer overflows.
> 
> * lwip/options.c (parse_opt): Fix the buffer overflow.
> * lwip/pfinet-ops.c (dev_ifconf): Likewise.
> ---
>  lwip/options.c    | 2 +-
>  lwip/pfinet-ops.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lwip/options.c b/lwip/options.c
> index 6591ac52..d35b9f32 100644
> --- a/lwip/options.c
> +++ b/lwip/options.c
> @@ -133,7 +133,7 @@ parse_opt (int opt, char *arg, struct argp_state *state)
>       }
>        in = h->curint;
>  
> -      strncpy (in->dev_name, arg, DEV_NAME_LEN);
> +      strncpy (in->dev_name, arg, sizeof(in->dev_name)-1);

Mmm, but if arg is longer than the given size and doesn't contain a \0,
in->dev_name will not contain one either?

>        break;
>  
>      case 'a':
> diff --git a/lwip/pfinet-ops.c b/lwip/pfinet-ops.c
> index 56b7dcd1..1af2a3fe 100644
> --- a/lwip/pfinet-ops.c
> +++ b/lwip/pfinet-ops.c
> @@ -61,7 +61,7 @@ dev_ifconf (struct ifconf *ifc)
>         memset (ifr, 0, sizeof (struct ifreq));
>  
>         strncpy (ifr->ifr_name, netif_get_state (netif)->devname,
> -                strlen (netif_get_state (netif)->devname) + 1);
> +                sizeof (ifr->ifr_name)-1);

Similarly.

Samuel

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings, (continued)
- [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings, Joan Lledó, 2018/08/07
- Re: Patches: lwip translator, Samuel Thibault, 2018/08/09
  - Re: Patches: lwip translator, Joan Lledó, 2018/08/11
    - [PATCH 1/4] lwip: poll(): return EIO when POLLERR is set, Joan Lledó, 2018/08/11
    - Re: [PATCH 1/4] lwip: poll(): return EIO when POLLERR is set, Samuel Thibault, 2018/08/13
    - [PATCH 3/4] lwip: return EINTR when a select() IPC thread is cancelled, Joan Lledó, 2018/08/11
    - Re: [PATCH 3/4] lwip: return EINTR when a select() IPC thread is cancelled, Samuel Thibault, 2018/08/13
    - [PATCH 2/4] lwip: refactor main demuxer to avoid code duplication, Joan Lledó, 2018/08/11
    - Re: [PATCH 2/4] lwip: refactor main demuxer to avoid code duplication, Samuel Thibault, 2018/08/13
    - [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings, Joan Lledó, 2018/08/11
    - Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings, Samuel Thibault <=
    - Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings, Joan Lledó, 2018/08/14
    - Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings, Samuel Thibault, 2018/08/14

Prev by Date: Re: [PATCH 3/4] lwip: return EINTR when a select() IPC thread is cancelled
Next by Date: Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings
Previous by thread: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings
Next by thread: Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings
Index(es):
- Date
- Thread