From: Oliver Kurth
Date: Wed, 30 Oct 2019 18:18:21 +0000 (-0700)
Subject: Fix misc. warnings related to strncpy usage.
X-Git-Tag: stable-11.1.0~183
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0222a70307ddd67d718f60d89178e6df649c6f0c;p=thirdparty%2Fopen-vm-tools.git
Fix misc. warnings related to strncpy usage.
For few files bundled in open-vm-tools package, one of the code scanners reported the following warning. " Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers" Checked the files and modified the code to pass 'sizeof dest - 1' as the third argument to avoid any warnings. In one of the VGAUTH library functions, added a check for the input buffer size and return a valid error.
---
diff --git a/open-vm-tools/lib/include/vmci_sockets.h b/open-vm-tools/lib/include/vmci_sockets.h
index 0171cdbe6..3b2d2441c 100644
--- a/open-vm-tools/lib/include/vmci_sockets.h
+++ b/open-vm-tools/lib/include/vmci_sockets.h
@@ -879,7 +879,8 @@ struct uuid_2_cid {
 }
 }
- strncpy(io.u2c_uuid_string, uuidString, sizeof io.u2c_uuid_string);
+ strncpy(io.u2c_uuid_string, uuidString, sizeof io.u2c_uuid_string - 1);
+ io.u2c_uuid_string[sizeof io.u2c_uuid_string - 1] = '\0';
 if (ioctl(fd, VMCI_SOCKETS_UUID_2_CID, &io) < 0) {
 io.u2c_context_id = VMADDR_CID_ANY;
 }
diff --git a/open-vm-tools/modules/solaris/vmxnet/vmxnet.c b/open-vm-tools/modules/solaris/vmxnet/vmxnet.c
index 243c72575..d8b8c38b3 100644
--- a/open-vm-tools/modules/solaris/vmxnet/vmxnet.c
+++ b/open-vm-tools/modules/solaris/vmxnet/vmxnet.c
@@ -2063,7 +2063,7 @@ map_space_found:
 */
 macInfo = gld_mac_alloc(dip);
 if (!macInfo) {
- cmn_err(CE_WARN, "%s%d: Vxn_Attach: gld_mac_alloc failed",
+ cmn_err(CE_WARN, "%s%d: Vxn_Attach: gld_mac_alloc failed",
 drvName, unit);
 goto err_gld_mac_alloc;
 }
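Review bot: In the vmci_sockets.h hunk an over-long `uuidString` is now silently truncated by the bounded `strncpy`, and the shortened string is still handed to the `VMCI_SOCKETS_UUID_2_CID` ioctl, so the lookup runs on a value the caller never supplied. Rejecting the input is safer than truncating it, for example `if (strlen(uuidString) >= sizeof io.u2c_uuid_string) return VMADDR_CID_ANY;`, assuming the function returns `io.u2c_context_id` as the ioctl failure branch suggests. The enclosing function starts and ends outside the hunk, so the check's placement relative to opening `fd`, and any cleanup it needs, must be confirmed there. If the copy routine is ever swapped, keep in mind that `strncpy` also zero-fills the rest of `io.u2c_uuid_string` before the structure goes to the kernel; whether `io` is otherwise initialised is not visible here.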
@@ -2075,12 +2075,16 @@ map_space_found:
 * Get interrupt cookie
 */
 if (ddi_get_iblock_cookie(dip, 0, &dp->iblockCookie) != DDI_SUCCESS) {
- cmn_err(CE_WARN, "%s%d: Vxn_Attach: ddi_get_iblock_cookie failed",
+ cmn_err(CE_WARN, "%s%d: Vxn_Attach: ddi_get_iblock_cookie failed",
 drvName, unit);
 goto err_get_iblock_cookie;
 }
- strncpy(dp->drvName, drvName, SOLVMXNET_MAXNAME);
+ /*
+ * kmem_zalloc above memsets drvName to 0. Use array size - 1 below
+ * to ensure NUL termination.
+ */
+ strncpy(dp->drvName, drvName, sizeof dp->drvName - 1);
 dp->unit = unit;
 dp->dip = dip;
 dp->macInfo = macInfo;
diff --git a/open-vm-tools/vgauth/lib/comm.c b/open-vm-tools/vgauth/lib/comm.c
index 6055c569b..15a4c658e 100644
--- a/open-vm-tools/vgauth/lib/comm.c
+++ b/open-vm-tools/vgauth/lib/comm.c
@@ -1,5 +1,5 @@
 /*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2016,2019 VMware, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as published
@@ -453,12 +453,22 @@ VGAuthError
 VGAuthComm_SetTestBufferInput(VGAuthContext *ctx,
 const char *buffer)
 {
- VGAuthError err = VGAUTH_E_OK;
+ VGAuthError err;
+ size_t bufLen;
 ctx->comm.bufTest = TRUE;
 ctx->comm.bufLoc = 0;
- ctx->comm.bufLen = strlen(buffer);
- strncpy(ctx->comm.testBuffer, buffer, ctx->comm.bufLen + 1);
+ bufLen = strlen(buffer);
+
+ if (bufLen > sizeof ctx->comm.testBuffer - 1) {
+ fprintf(stderr, "Test buffer too large.\n");
+ err = VGAUTH_E_INVALID_ARGUMENT;
+ } else {
+ ctx->comm.bufLen = bufLen;
+ strncpy(ctx->comm.testBuffer, buffer, sizeof ctx->comm.testBuffer - 1);
+ ctx->comm.testBuffer[sizeof ctx->comm.testBuffer - 1] = '\0';
+ err = VGAUTH_E_OK;
+ }
 return err;
 }
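Review bot: In the second vmxnet.c hunk the new comment says kmem_zalloc zeroes `drvName`, but `drvName` is the source of the copy; the buffer whose zero fill provides the terminator is `dp->drvName`. I would reword it to `/* dp comes from kmem_zalloc above, so dp->drvName is already zero-filled; copying at most size - 1 bytes keeps it NUL-terminated. */`. That allocation is outside the hunk (the function starts and ends beyond it), so the guarantee cannot be checked from here; adding `dp->drvName[sizeof dp->drvName - 1] = '\0';` after the copy would make termination local and match the vmci_sockets.h and comm.c changes in this commit. The switch from `SOLVMXNET_MAXNAME` to `sizeof dp->drvName` also assumes the field is an array rather than a pointer, which its declaration (not shown) should confirm.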
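Review bot: In VGAuthComm_SetTestBufferInput, `ctx->comm.bufTest = TRUE;` and `ctx->comm.bufLoc = 0;` are still assigned before the new length check, so the `VGAUTH_E_INVALID_ARGUMENT` path returns with the context switched to test-buffer mode while `bufLen` and `testBuffer` keep whatever they held before. Moving those two assignments into the `else` branch leaves `ctx` untouched when the input is rejected. `buffer` is also passed to `strlen` with no NULL check visible in the function. Once the length is known to fit, the `strncpy` plus explicit terminator can be replaced by the single line `memcpy(ctx->comm.testBuffer, buffer, bufLen + 1);`, which copies exactly the validated bytes including the terminator.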