1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From 542380a13f178d97851751b57054a6b5be555d1c Mon Sep 17 00:00:00 2001
From: Jens Rehsack <sno@netbsd.org>
Date: Thu, 13 Aug 2020 16:16:44 +0200
Subject: [PATCH 2/2] test/test_x509.c: fix potential overflow issue
Instead of doing a memcpy() which does static overflow checking, use
snprintf() for string copying which does the check dynamically.
Fixes:
| In file included from .../recipe-sysroot/usr/include/string.h:519,
| from test/test_x509.c:27:
| In function 'memcpy',
| inlined from 'parse_keyvalue' at test/test_x509.c:845:2,
| inlined from 'process_conf_file' at test/test_x509.c:1360:7,
| inlined from 'main' at test/test_x509.c:2038:2:
| .../recipe-sysroot/usr/include/bits/string_fortified.h:34:10: warning: '__builtin_memcpy' specified bound 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
| 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jens Rehsack <sno@netbsd.org>
---
test/test_x509.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/test/test_x509.c b/test/test_x509.c
index 2c61cf5..76f6ab9 100644
--- a/test/test_x509.c
+++ b/test/test_x509.c
@@ -842,8 +842,7 @@ parse_keyvalue(HT *d)
return -1;
}
name = xmalloc(u + 1);
- memcpy(name, buf, u);
- name[u] = 0;
+ snprintf(name, u, "%s", buf);
if (HT_get(d, name) != NULL) {
xfree(name);
return -1;
--
2.17.1
|
