[lxc-devel] [lxc/stable-2.1] fix: gcc8.3.0 and memset overflow
fingera on Github
lxc-bot at linuxcontainers.org
Thu Dec 17 14:11:26 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20201217/696cad7a/attachment.bin>
-------------- next part --------------
From 94e56bd5b79e48b793041ebcac3f2b527050151c Mon Sep 17 00:00:00 2001
From: liuyujun <liuyujun at fingera.cn>
Date: Thu, 17 Dec 2020 22:08:43 +0800
Subject: [PATCH] fix: gcc8.3.0 and memset overflow
---
src/lxc/af_unix.c | 4 ++--
src/lxc/confile_utils.c | 2 +-
src/lxc/lxccontainer.c | 3 +--
src/lxc/network.c | 4 ++--
src/lxc/utils.c | 7 +++++--
5 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 9fba0ee15c..8146ebd4a9 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -62,7 +62,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
return -1;
}
/* addr.sun_path[0] has already been set to 0 by memset() */
- strncpy(&addr.sun_path[1], &path[1], len);
+ memcpy(&addr.sun_path[1], &path[1], len);
ret = bind(fd, (struct sockaddr *)&addr,
offsetof(struct sockaddr_un, sun_path) + len + 1);
@@ -115,7 +115,7 @@ int lxc_abstract_unix_connect(const char *path)
return -1;
}
/* addr.sun_path[0] has already been set to 0 by memset() */
- strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
+ memcpy(&addr.sun_path[1], &path[1], len);
ret = connect(fd, (struct sockaddr *)&addr,
offsetof(struct sockaddr_un, sun_path) + len + 1);
diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c
index 612f53f1e7..dde5a78342 100644
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -616,7 +616,7 @@ int lxc_get_conf_str(char *retv, int inlen, const char *value)
if (!value)
return 0;
if (retv && inlen >= strlen(value) + 1)
- strncpy(retv, value, strlen(value) + 1);
+ strncpy(retv, value, inlen);
return strlen(value);
}
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 745941cdd2..d87e0a3d84 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -673,8 +673,7 @@ static char **split_init_cmd(const char *incmd)
len = strlen(incmd) + 1;
copy = alloca(len);
- strncpy(copy, incmd, len);
- copy[len-1] = '\0';
+ memcpy(copy, incmd, len);
do {
argv = malloc(sizeof(char *));
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 240d09337a..b3608ed785 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2151,8 +2151,8 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna
return -1;
}
- memset(netdev->name, 0, IFNAMSIZ + 1);
- strncpy(netdev->name, token, IFNAMSIZ);
+ memset(netdev->name, 0, IFNAMSIZ);
+ strncpy(netdev->name, token, IFNAMSIZ - 1);
/* netdev->ifindex */
token = strtok_r(NULL, ":", &saveptr);
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index df4439549a..8139987c54 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -2340,13 +2340,16 @@ int parse_byte_size_string(const char *s, int64_t *converted)
char *end;
char dup[LXC_NUMSTRLEN64 + 2];
char suffix[3];
+ size_t s_len;
if (!s || !strcmp(s, ""))
return -EINVAL;
- end = stpncpy(dup, s, sizeof(dup));
- if (*end != '\0')
+ s_len = strlen(s);
+ if (s_len >= sizeof(dup))
return -EINVAL;
+ memcpy(dup, s, s_len + 1);
+ end = dup + s_len;
if (isdigit(*(end - 1)))
suffix_len = 0;
More information about the lxc-devel
mailing list