[xen master] tools/xenpmd: fix possible '\0' truncation

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[xen master] tools/xenpmd: fix possible '\0' truncation

patchbot
commit 938c8f53b1f80175c6f7a1399efdb984abb0cb8b
Author:     Marek Marczykowski-Górecki <[hidden email]>
AuthorDate: Thu Apr 5 03:50:53 2018 +0200
Commit:     Wei Liu <[hidden email]>
CommitDate: Fri Apr 6 09:05:56 2018 +0100

    tools/xenpmd: fix possible '\0' truncation
   
    gcc-8 complains:
        xenpmd.c:207:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
                 strncpy(info->oem_info, attrib_value, 32);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        xenpmd.c:201:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
                 strncpy(info->battery_type, attrib_value, 32);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        xenpmd.c:195:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
                 strncpy(info->serial_number, attrib_value, 32);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        xenpmd.c:189:9: error: 'strncpy' specified bound 32 equals destination size [-Werror=stringop-truncation]
                 strncpy(info->model_number, attrib_value, 32);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
    Copy 31 chars, then make sure terminating '\0' is present. Those fields
    are passed to strlen and as '%s' for snprintf later.
   
    Signed-off-by: Marek Marczykowski-Górecki <[hidden email]>
    Acked-by: Wei Liu <[hidden email]>
    Release-Acked-by: Juergen Gross <[hidden email]>
---
 tools/xenpmd/xenpmd.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tools/xenpmd/xenpmd.c b/tools/xenpmd/xenpmd.c
index 689c8fd670..56412a9a81 100644
--- a/tools/xenpmd/xenpmd.c
+++ b/tools/xenpmd/xenpmd.c
@@ -186,25 +186,29 @@ void set_attribute_battery_info(char *attrib_name,
 
     if ( strstr(attrib_name, "model number") )
     {
-        strncpy(info->model_number, attrib_value, 32);
+        strncpy(info->model_number, attrib_value, 31);
+        info->model_number[31] = '\0';
         return;
     }
 
     if ( strstr(attrib_name, "serial number") )
     {
-        strncpy(info->serial_number, attrib_value, 32);
+        strncpy(info->serial_number, attrib_value, 31);
+        info->serial_number[31] = '\0';
         return;
     }
 
     if ( strstr(attrib_name, "battery type") )
     {
-        strncpy(info->battery_type, attrib_value, 32);
+        strncpy(info->battery_type, attrib_value, 31);
+        info->battery_type[31] = '\0';
         return;
     }
 
     if ( strstr(attrib_name, "OEM info") )
     {
-        strncpy(info->oem_info, attrib_value, 32);
+        strncpy(info->oem_info, attrib_value, 31);
+        info->oem_info[31] = '\0';
         return;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#master


_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog