[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen master] sockets: avoid string truncation warnings when copying UNIX path



commit 9474aff88061bed73ab98891475f1aab0e2b7385
Author:     Daniel P. Berrangé <berrange@xxxxxxxxxx>
AuthorDate: Wed May 1 15:50:52 2019 +0100
Commit:     Anthony PERARD <anthony.perard@xxxxxxxxxx>
CommitDate: Tue Aug 6 10:54:32 2019 +0100

    sockets: avoid string truncation warnings when copying UNIX path
    
    In file included from /usr/include/string.h:494,
                     from include/qemu/osdep.h:101,
                     from util/qemu-sockets.c:18:
    In function â??strncpyâ??,
        inlined from â??unix_connect_saddr.isra.0â?? at 
util/qemu-sockets.c:925:5:
    /usr/include/bits/string_fortified.h:106:10: warning: 
â??__builtin_strncpyâ?? specified bound 108 equals destination size 
[-Wstringop-truncation]
      106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos 
(__dest));
          |          
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In function â??strncpyâ??,
        inlined from â??unix_listen_saddr.isra.0â?? at 
util/qemu-sockets.c:880:5:
    /usr/include/bits/string_fortified.h:106:10: warning: 
â??__builtin_strncpyâ?? specified bound 108 equals destination size 
[-Wstringop-truncation]
      106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos 
(__dest));
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    We are already validating the UNIX socket path length earlier in
    the functions. If we save this string length when we first check
    it, then we can simply use memcpy instead of strcpy later, avoiding
    the gcc truncation warnings.
    
    Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
    Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
    Reviewed-by: Stefano Garzarella <sgarzare@xxxxxxxxxx>
    Message-Id: <20190501145052.12579-1-berrange@xxxxxxxxxx>
    Signed-off-by: Laurent Vivier <laurent@xxxxxxxxx>
    (cherry picked from commit 2d2023c3b99edb33ad4bb9791f70456ea1a1c049)
---
 util/qemu-sockets.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 9705051690..ba6335e71a 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -830,6 +830,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
     int sock, fd;
     char *pathbuf = NULL;
     const char *path;
+    size_t pathlen;
 
     sock = qemu_socket(PF_UNIX, SOCK_STREAM, 0);
     if (sock < 0) {
@@ -845,7 +846,8 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
         path = pathbuf = g_strdup_printf("%s/qemu-socket-XXXXXX", tmpdir);
     }
 
-    if (strlen(path) > sizeof(un.sun_path)) {
+    pathlen = strlen(path);
+    if (pathlen > sizeof(un.sun_path)) {
         error_setg(errp, "UNIX socket path '%s' is too long", path);
         error_append_hint(errp, "Path must be less than %zu bytes\n",
                           sizeof(un.sun_path));
@@ -877,7 +879,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
 
     memset(&un, 0, sizeof(un));
     un.sun_family = AF_UNIX;
-    strncpy(un.sun_path, path, sizeof(un.sun_path));
+    memcpy(un.sun_path, path, pathlen);
 
     if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) {
         error_setg_errno(errp, errno, "Failed to bind socket to %s", path);
@@ -901,6 +903,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, 
Error **errp)
 {
     struct sockaddr_un un;
     int sock, rc;
+    size_t pathlen;
 
     if (saddr->path == NULL) {
         error_setg(errp, "unix connect: no path specified");
@@ -913,7 +916,8 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, 
Error **errp)
         return -1;
     }
 
-    if (strlen(saddr->path) > sizeof(un.sun_path)) {
+    pathlen = strlen(saddr->path);
+    if (pathlen > sizeof(un.sun_path)) {
         error_setg(errp, "UNIX socket path '%s' is too long", saddr->path);
         error_append_hint(errp, "Path must be less than %zu bytes\n",
                           sizeof(un.sun_path));
@@ -922,7 +926,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, 
Error **errp)
 
     memset(&un, 0, sizeof(un));
     un.sun_family = AF_UNIX;
-    strncpy(un.sun_path, saddr->path, sizeof(un.sun_path));
+    memcpy(un.sun_path, saddr->path, pathlen);
 
     /* connect to peer */
     do {
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.