bug-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings

From: Joan Lledó
Subject: Re: [PATCH 4/4] lwip: Fix a buffer overflow and clear compiler warnings
Date: Tue, 14 Aug 2018 18:17:28 +0200 
Missatge de Samuel Thibault <samuel.thibault@gnu.org> del dia dt., 14
d’ag. 2018 a les 9:34:
> > -      strncpy (in->dev_name, arg, DEV_NAME_LEN);
> > +      strncpy (in->dev_name, arg, sizeof(in->dev_name)-1);
>
> Mmm, but if arg is longer than the given size and doesn't contain a \0,
> in->dev_name will not contain one either?
>

No, b/c at most sizeof(in->dev_name)-1 bytes from arg will be copied,
leaving the last byte in in->dev_name unwritten, which always will be
equal to zero as it's initialized in parse_hook_add_interface().

> >         strncpy (ifr->ifr_name, netif_get_state (netif)->devname,
> > -                strlen (netif_get_state (netif)->devname) + 1);
> > +                sizeof (ifr->ifr_name)-1);
>
> Similarly.

Same here, the last byte is never written and is initialized to \0 in
the previous line.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]