From: Kamalesh Babulal Date: Tue, 12 Jul 2022 17:23:58 +0000 (-0600) Subject: tools/cgget: replace strcat() with strncat() X-Git-Tag: v3.0~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c8724c1e543026453365aaeca7ece93dc12dac7;p=thirdparty%2Flibcgroup.git tools/cgget: replace strcat() with strncat() Fix copy into fixed size buffer warning, reported by Coverity tool: CID 258284 (#4 of 4): Copy into fixed size buffer (STRING_OVERFLOW)1. fixed_size_dest: You might overrun the 4096-character fixed-size string tmp_val by copying tok without checking the length. In indent_multiline_value(), warned about the usage of strcat(), that might overwrite the string. Fix it by replacing strcat() -> strncat() in the function. Signed-off-by: Kamalesh Babulal kamalesh.babulal@oracle.com Signed-off-by: Tom Hromatka --- diff --git a/src/tools/cgget.c b/src/tools/cgget.c index ea6a5701..c6721d19 100644 --- a/src/tools/cgget.c +++ b/src/tools/cgget.c @@ -536,11 +536,11 @@ static int indent_multiline_value(struct control_value * const cv) char *tok, *saveptr = NULL; tok = strtok_r(cv->value, "\n", &saveptr); - strcat(tmp_val, tok); + strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - 1); /* don't indent the first value */ while ((tok = strtok_r(NULL, "\n", &saveptr))) { - strcat(tmp_val, "\n\t"); - strcat(tmp_val, tok); + strncat(tmp_val, "\n\t", (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1))); + strncat(tmp_val, tok, (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1))); } cv->multiline_value = strdup(tmp_val);
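Review bot: In the `@@ -536,11 +536,11 @@` hunk of indent_multiline_value(), the three strncat() calls now truncate silently once tmp_val fills up, so cv->multiline_value can end up holding a shortened value, or one ending in a bare "\n\t" with its token dropped, and the caller gets no indication. Since the function returns int, consider checking the remaining space before each append and returning an error when `strlen(tmp_val) + strlen(tok) + 1` would exceed CG_CONTROL_VALUE_MAX, instead of relying on the bound alone. The first call, `strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - 1)`, uses a fixed bound that is only correct if tmp_val is an empty string at that point; its initialization is outside the visible lines, so using the same `CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1)` expression as the two calls in the loop would make that call safe regardless and keep the three consistent. Separately, the result of the first `strtok_r(cv->value, "\n", &saveptr)` is passed to strncat() without a NULL check; strtok_r() returns NULL when cv->value is empty or contains only newlines, so a guard before the first append would be worth adding while this code is being touched.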