[PATCH rpcd] sys: mitigate possible strncpy string truncation

Jo-Philipp Wich jo at mein.io
Wed Aug 24 01:35:45 PDT 2022


Hi,

comment below.

~ Jo

On 8/24/22 10:14 AM, Petr Štetiar wrote:
> [...]
> --- a/sys.c
> +++ b/sys.c
> @@ -224,7 +224,8 @@ procstr:
>  			continue;
>  
>  		if (!strcmp(var, "Package:")) {
> -			strncpy(pkg, p1, sizeof(pkg));
> +			strncpy(pkg, p1, sizeof(pkg) - 1);
> +			pkg[sizeof(pkg) - 1] = '\0';

I suggest to change declarations of `pkg` and `ver` to:

   char pkg[128] = { 0 }, ver[128] = { 0 };

This way you can omit this explicit '\0' assignment since the dest char array
will be zero initialized and the `sizeof(...) - 1` above will ensure that the
last '\0' is never overwritten.

>  			continue;
>  		}
>  
> @@ -241,7 +242,8 @@ procstr:
>  		}
>  
>  		if (!strcmp(var, "Version:")) {
> -			strncpy(ver, p1, sizeof(ver));
> +			strncpy(ver, p1, sizeof(ver) - 1);
> +			ver[sizeof(ver) - 1] = '\0';
>  			continue;
>  		}
>  
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20220824/0eacf7cb/attachment.sig>


More information about the openwrt-devel mailing list