From: Tom Hromatka Date: Mon, 3 Jul 2023 19:07:41 +0000 (-0600) Subject: cgsnapshot: Fix possible non-null-terminated array X-Git-Tag: v3.1.0~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3124474303cbed17455b0d5300feb34b1317b045;p=thirdparty%2Flibcgroup.git cgsnapshot: Fix possible non-null-terminated array Coverity flagged a code path where the controllers[][] structure in parse_controllers() may not have a '\0' string as its last entry. This would break the logic in is_ctlr_on_list(). The function may iterate past the end of the buffer looking for a null terminator. In parse_controllers: A character buffer that has not been null terminated is passed to a function expecting a null terminated string (CWE-170) Signed-off-by: Tom Hromatka Reviewed-by: Kamalesh Babulal --- diff --git a/src/tools/cgsnapshot.c b/src/tools/cgsnapshot.c index 13720c37..9917e134 100644 --- a/src/tools/cgsnapshot.c +++ b/src/tools/cgsnapshot.c @@ -556,8 +556,13 @@ static int parse_controllers(cont_name_t cont_names[CG_CONTROLLER_MAX], const ch /* go through the list of controllers/mount point pairs */ while (ret == 0) { if (strcmp(path, controller.path) == 0) { - /* if it is still the same mount point */ - if (max < CG_CONTROLLER_MAX) { + /* + * if it is still the same mount point + * + * note that the last entry in controllers[][] must be '\0', so + * we need to stop populating the array at CG_CONTROLLER_MAX - 1 + */ + if (max < CG_CONTROLLER_MAX - 1) { strncpy(controllers[max], controller.name, FILENAME_MAX); (controllers[max])[FILENAME_MAX-1] = '\0'; max++;