[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cpio - covscan issues
|
From: |
Kamil Dudka |
|
Subject: |
Re: cpio - covscan issues |
|
Date: |
Thu, 08 Apr 2021 13:37:13 +0200 |
On Thursday, April 8, 2021 12:33:11 PM CEST Ondrej Dubaj wrote:
> On Thu, Apr 8, 2021 at 12:02 PM Kamil Dudka <kdudka@redhat.com> wrote:
> > On Thursday, April 8, 2021 9:47:05 AM CEST Ondrej Dubaj wrote:
> > > Hello,
> > >
> > > proposing patch for some of the issues found by coverity scan in
> >
> > cpio-2.13
> >
> > > Patch:
> > >
> > > diff --git a/src/tar.c b/src/tar.c
> > > index 99ef8a2..a5873e7 100644
> > > --- a/src/tar.c
> > > +++ b/src/tar.c
> > > @@ -146,6 +146,7 @@ write_out_tar_header (struct cpio_file_stat
> >
> > *file_hdr,
> >
> > > int out_des)
> > >
> > > name_len = strlen (file_hdr->c_name);
> > > if (name_len <= TARNAMESIZE)
> > >
> > > {
> > >
> > > + memset(tar_hdr->name, '\0', name_len+1);
> > >
> > > strncpy (tar_hdr->name, file_hdr->c_name, name_len);
> > >
> > > }
> > >
> > > else
> >
> > This is obviously incorrect because it would write past the tar_hdr->name
> > array in case (name_len == TARNAMESIZE).
>
> Actually you are right, the best option might be:
>
> memset(tar_hdr->name, '\0', TARNAMESIZE);
This would not ensure NUL-termination either because the subsequent call to
strncpy() might overwrite all the zeros with non-zeros in case (name_len ==
TARNAMESIZE). I believe this would work better:
strncpy (tar_hdr->name, file_hdr->c_name, name_len);
tar_hdr->name[TARNAMESIZE - 1] = '\0';
Kamil
Re: cpio - covscan issues, Paul Eggert, 2021/04/08