aboutsummaryrefslogtreecommitdiffstats
path: root/extras/libmemif/src/socket.c
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2021-01-29 14:18:12 +0000
committerDamjan Marion <dmarion@me.com>2021-02-08 10:27:06 +0000
commite5b7ca4bcea8c404d95e00f5db4c40d47b6e185b (patch)
tree8c63d909d628477c745e0a3455fb5e5ae45e6a48 /extras/libmemif/src/socket.c
parent1421748e3cd98d7355b1a1db283803a571569927 (diff)
libmemif: fix insecure uses of strncpy
A calling patterm of "strncpy(dst, src, strlen(src))" invites a lot of troubles. However, even using the target size may result in a problem if the string is longer, since then the termination is not done. Use strlcpy(dst, src, sizeof(dst)), which will always null-terminate the string. Change-Id: I8ddaf3dc8380a78af08914e81849279dae7ab24a Type: fix Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
Diffstat (limited to 'extras/libmemif/src/socket.c')
-rw-r--r--extras/libmemif/src/socket.c36
1 files changed, 16 insertions, 20 deletions
diff --git a/extras/libmemif/src/socket.c b/extras/libmemif/src/socket.c
index 24546162ee9..b801cac75ba 100644
--- a/extras/libmemif/src/socket.c
+++ b/extras/libmemif/src/socket.c
@@ -111,8 +111,7 @@ memif_msg_send_hello (libmemif_main_t * lm, int fd)
h->max_region = MEMIF_MAX_REGION;
h->max_log2_ring_size = MEMIF_MAX_LOG2_RING_SIZE;
- strncpy ((char *) h->name, (char *) lm->app_name,
- strlen ((char *) lm->app_name));
+ strlcpy ((char *) h->name, (char *) lm->app_name, sizeof (h->name));
/* msg hello is not enqueued but sent directly,
because it is the first msg to be sent */
@@ -139,8 +138,7 @@ memif_msg_enq_init (memif_connection_t * c)
i->id = c->args.interface_id;
i->mode = c->args.mode;
- strncpy ((char *) i->name, (char *) lm->app_name,
- strlen ((char *) lm->app_name));
+ strlcpy ((char *) i->name, (char *) lm->app_name, sizeof (i->name));
if (strlen ((char *) c->args.secret) > 0)
strncpy ((char *) i->secret, (char *) c->args.secret, sizeof (i->secret));
@@ -260,8 +258,8 @@ memif_msg_enq_connect (memif_connection_t * c)
e->msg.type = MEMIF_MSG_TYPE_CONNECT;
e->fd = -1;
- strncpy ((char *) cm->if_name, (char *) c->args.interface_name,
- strlen ((char *) c->args.interface_name));
+ strlcpy ((char *) cm->if_name, (char *) c->args.interface_name,
+ sizeof (cm->if_name));
e->next = NULL;
if (c->msg_queue == NULL)
@@ -295,8 +293,8 @@ memif_msg_enq_connected (memif_connection_t * c)
e->msg.type = MEMIF_MSG_TYPE_CONNECTED;
e->fd = -1;
- strncpy ((char *) cm->if_name, (char *) c->args.interface_name,
- strlen ((char *) c->args.interface_name));
+ strlcpy ((char *) cm->if_name, (char *) c->args.interface_name,
+ sizeof (cm->if_name));
e->next = NULL;
if (c->msg_queue == NULL)
@@ -327,12 +325,12 @@ memif_msg_send_disconnect (int fd, uint8_t * err_string, uint32_t err_code)
msg.type = MEMIF_MSG_TYPE_DISCONNECT;
d->code = err_code;
uint16_t l = strlen ((char *) err_string);
- if (l > 96)
+ if (l > sizeof (d->string) - 1)
{
- DBG ("Disconnect string too long. Sending first 96 characters.");
- l = 96;
+ DBG ("Disconnect string too long. Sending the first %d characters.",
+ sizeof (d->string) - 1);
}
- strncpy ((char *) d->string, (char *) err_string, l);
+ strlcpy ((char *) d->string, (char *) err_string, sizeof (d->string));
return memif_msg_send (fd, &msg, -1);
}
@@ -356,8 +354,7 @@ memif_msg_receive_hello (memif_connection_t * c, memif_msg_t * msg)
c->run_args.log2_ring_size = memif_min (h->max_log2_ring_size,
c->args.log2_ring_size);
c->run_args.buffer_size = c->args.buffer_size;
- strncpy ((char *) c->remote_name, (char *) h->name,
- strlen ((char *) h->name));
+ strlcpy ((char *) c->remote_name, (char *) h->name, sizeof (c->remote_name));
return MEMIF_ERR_SUCCESS; /* 0 */
}
@@ -420,8 +417,7 @@ memif_msg_receive_init (memif_socket_t * ms, int fd, memif_msg_t * msg)
goto error;
}
- strncpy ((char *) c->remote_name, (char *) i->name,
- strlen ((char *) i->name));
+ strlcpy ((char *) c->remote_name, (char *) i->name, sizeof (c->remote_name));
if (strlen ((char *) c->args.secret) > 0)
{
@@ -588,8 +584,8 @@ memif_msg_receive_connect (memif_connection_t * c, memif_msg_t * msg)
if (err != MEMIF_ERR_SUCCESS)
return err;
- strncpy ((char *) c->remote_if_name, (char *) cm->if_name,
- strlen ((char *) cm->if_name));
+ strlcpy ((char *) c->remote_if_name, (char *) cm->if_name,
+ sizeof (c->remote_if_name));
int i;
if (c->on_interrupt != NULL)
@@ -625,7 +621,7 @@ memif_msg_receive_connected (memif_connection_t * c, memif_msg_t * msg)
return err;
strncpy ((char *) c->remote_if_name, (char *) cm->if_name,
- strlen ((char *) cm->if_name));
+ sizeof (c->remote_if_name));
int i;
if (c->on_interrupt != NULL)
@@ -650,7 +646,7 @@ memif_msg_receive_disconnect (memif_connection_t * c, memif_msg_t * msg)
memset (c->remote_disconnect_string, 0,
sizeof (c->remote_disconnect_string));
strncpy ((char *) c->remote_disconnect_string, (char *) d->string,
- strlen ((char *) d->string));
+ sizeof (c->remote_disconnect_string));
/* on returning error, handle function will call memif_disconnect () */
DBG ("disconnect received: %s, mode: %d",