tools/cgget: replace strcat() with strncat()

Fix copy into fixed size buffer warning, reported by Coverity tool:

CID 258284 (#4 of 4): Copy into fixed size buffer (STRING_OVERFLOW)1.
fixed_size_dest: You might overrun the 4096-character fixed-size string
tmp_val by copying tok without checking the length.

In indent_multiline_value(), warned about the usage of strcat(), that
might overwrite the string. Fix it by replacing strcat() -> strncat()
in the function.

Signed-off-by: Kamalesh Babulal kamalesh.babulal@oracle.com
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 9c8724c1e543026453365aaeca7ece93dc12dac7)

diff --git a/src/tools/cgget.c b/src/tools/cgget.c
index 714db10460fc6cc6757bf788a8d9d387ce4321f5..f80926ba74328635034b2a5667bfe59a54b8efce 100644 (file)
--- a/src/tools/cgget.c
+++ b/src/tools/cgget.c
@@ -540,11 +540,11 @@ static int indent_multiline_value(struct control_value * const cv)
        char *tok, *saveptr = NULL;
 
        tok = strtok_r(cv->value, "\n", &saveptr);
-       strcat(tmp_val, tok);
+       strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - 1);
        /* don't indent the first value */
        while ((tok = strtok_r(NULL, "\n", &saveptr))) {
-               strcat(tmp_val, "\n\t");
-               strcat(tmp_val, tok);
+               strncat(tmp_val, "\n\t", (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1)));
+               strncat(tmp_val, tok, (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1)));
        }
 
        cv->multiline_value = strdup(tmp_val);