From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH 10/16] conf, tap: False "Buffer not null terminated" positives, CWE-170
Date: Tue, 05 Apr 2022 19:05:08 +0200 [thread overview]
Message-ID: <20220405170514.2963773-11-sbrivio@redhat.com> (raw)
In-Reply-To: <20220405170514.2963773-1-sbrivio@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1882 bytes --]
Those strings are actually guaranteed to be NULL-terminated. Reported
by Coverity.
Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>
---
conf.c | 6 +++---
tap.c | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/conf.c b/conf.c
index 2412fc6..c1c8058 100644
--- a/conf.c
+++ b/conf.c
@@ -1035,7 +1035,7 @@ void conf(struct ctx *c, int argc, char **argv)
usage(argv[0]);
}
- ret = snprintf(c->sock_path, sizeof(c->sock_path), "%s",
+ ret = snprintf(c->sock_path, UNIX_SOCK_MAX - 1, "%s",
optarg);
if (ret <= 0 || ret >= (int)sizeof(c->pcap)) {
err("Invalid socket path: %s", optarg);
@@ -1048,9 +1048,9 @@ void conf(struct ctx *c, int argc, char **argv)
usage(argv[0]);
}
- ret = snprintf(c->pasta_ifn, sizeof(c->pasta_ifn), "%s",
+ ret = snprintf(c->pasta_ifn, IFNAMSIZ - 1, "%s",
optarg);
- if (ret <= 0 || ret >= (int)sizeof(c->pasta_ifn)) {
+ if (ret <= 0 || ret >= (int)IFNAMSIZ - 1) {
err("Invalid interface name: %s", optarg);
usage(argv[0]);
}
diff --git a/tap.c b/tap.c
index 8110577..04ceade 100644
--- a/tap.c
+++ b/tap.c
@@ -798,9 +798,9 @@ static void tap_sock_unix_init(struct ctx *c)
char *path = addr.sun_path;
if (*c->sock_path)
- strncpy(path, c->sock_path, UNIX_PATH_MAX);
+ memcpy(path, c->sock_path, UNIX_PATH_MAX);
else
- snprintf(path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
+ snprintf(path, UNIX_PATH_MAX - 1, UNIX_SOCK_PATH, i);
ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
if (ex < 0) {
@@ -899,7 +899,7 @@ static int tap_ns_tun(void *arg)
int flags = O_RDWR | O_NONBLOCK | O_CLOEXEC;
struct ctx *c = (struct ctx *)arg;
- strncpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ);
+ memcpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ);
if (ns_enter(c) ||
(tun_ns_fd = open("/dev/net/tun", flags)) < 0 ||
--
@@ -798,9 +798,9 @@ static void tap_sock_unix_init(struct ctx *c)
char *path = addr.sun_path;
if (*c->sock_path)
- strncpy(path, c->sock_path, UNIX_PATH_MAX);
+ memcpy(path, c->sock_path, UNIX_PATH_MAX);
else
- snprintf(path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
+ snprintf(path, UNIX_PATH_MAX - 1, UNIX_SOCK_PATH, i);
ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
if (ex < 0) {
@@ -899,7 +899,7 @@ static int tap_ns_tun(void *arg)
int flags = O_RDWR | O_NONBLOCK | O_CLOEXEC;
struct ctx *c = (struct ctx *)arg;
- strncpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ);
+ memcpy(ifr.ifr_name, c->pasta_ifn, IFNAMSIZ);
if (ns_enter(c) ||
(tun_ns_fd = open("/dev/net/tun", flags)) < 0 ||
--
2.35.1
next prev parent reply other threads:[~2022-04-05 17:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-05 17:04 [PATCH 00/16] Fix issues reported by Coverity Stefano Brivio
2022-04-05 17:04 ` [PATCH 01/16] treewide: Invalid type in argument to printf format specifier, CWE-686 Stefano Brivio
2022-04-05 17:05 ` [PATCH 02/16] passt: Ignoring number of bytes read, CWE-252 Stefano Brivio
2022-04-05 17:05 ` [PATCH 03/16] tcp: False "Untrusted loop bound" positive, CWE-606 Stefano Brivio
2022-04-05 17:05 ` [PATCH 04/16] treewide: Unchecked return value from library, CWE-252 Stefano Brivio
2022-04-05 17:05 ` [PATCH 05/16] tap: Resource leak, CWE-404 Stefano Brivio
2022-04-05 17:05 ` [PATCH 06/16] conf, packet: Operands don't affect result, CWE-569 Stefano Brivio
2022-04-05 17:05 ` [PATCH 07/16] passt: Improper use of negative value (CWE-394) Stefano Brivio
2022-04-05 17:05 ` [PATCH 08/16] treewide: Argument cannot be negative, CWE-687 Stefano Brivio
2022-04-05 17:05 ` [PATCH 09/16] conf: False "Assign instead of compare" positive, CWE-481 Stefano Brivio
2022-04-05 17:05 ` Stefano Brivio [this message]
2022-04-05 17:05 ` [PATCH 11/16] tcp: Dereference null return value, CWE-476 Stefano Brivio
2022-04-05 17:05 ` [PATCH 12/16] tcp_splice: Logically dead code, CWE-561 Stefano Brivio
2022-04-05 17:05 ` [PATCH 13/16] tcp, tcp_splice: False "Negative array index read" positives, CWE-129 Stefano Brivio
2022-04-05 17:05 ` [PATCH 14/16] tcp: False "Out-of-bounds read" positive, CWE-125 Stefano Brivio
2022-04-05 17:05 ` [PATCH 15/16] udp: Out-of-bounds read, CWE-125 in udp_timer() Stefano Brivio
2022-04-05 17:05 ` [PATCH 16/16] arch: Pointer to local outside scope, CWE-562 Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220405170514.2963773-11-sbrivio@redhat.com \
--to=sbrivio@redhat.com \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).