1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From 56a56567d4f334b119e60c4ef0ad87edf7b77609 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 1 Jun 2018 18:46:19 -0700
Subject: [PATCH] libopeniscsiusr/iface: Set strncpy bounds to not overflow
Fixes warnings found by gcc8
iface.c:492:47: error: '%s' directive output may be truncated writing up to 4095 bytes into a region of size 4073 [-Werror=format-truncation=]
iface.c:140:3: note: in expansion of macro '_strncpy'
_strncpy((*iface)->transport_name, proc_name + strlen("iscsi_"),
^~~~~~~~
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
libopeniscsiusr/iface.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libopeniscsiusr/iface.c b/libopeniscsiusr/iface.c
index 955395d..d33363e 100644
--- a/libopeniscsiusr/iface.c
+++ b/libopeniscsiusr/iface.c
@@ -138,7 +138,7 @@ int _iscsi_iface_get_from_sysfs(struct iscsi_context *ctx, uint32_t host_id,
if (strncmp(proc_name, "iscsi_", strlen("iscsi_")) == 0)
_strncpy((*iface)->transport_name, proc_name + strlen("iscsi_"),
- sizeof((*iface)->transport_name) / sizeof(char));
+ sizeof((*iface)->transport_name) / sizeof(char) - 1);
else
_strncpy((*iface)->transport_name, proc_name,
sizeof((*iface)->transport_name) / sizeof(char));
@@ -489,7 +489,8 @@ static int _fill_hw_iface_from_sys(struct iscsi_context *ctx,
sysfs_iface_dir_path = malloc(PATH_MAX);
_alloc_null_check(ctx, sysfs_iface_dir_path, rc, out);
- snprintf(sysfs_iface_dir_path, PATH_MAX, "%s/%s",
+ sysfs_iface_dir_path[PATH_MAX+strlen(_ISCSI_SYS_IFACE_DIR)] = '\0';
+ snprintf(sysfs_iface_dir_path, PATH_MAX+strlen(_ISCSI_SYS_IFACE_DIR)+1, "%s/%s",
_ISCSI_SYS_IFACE_DIR, iface_kern_id);
_good(_sysfs_prop_get_str(ctx, sysfs_iface_dir_path,
|