From 9c8724c1e543026453365aaeca7ece93dc12dac7 Mon Sep 17 00:00:00 2001
From: Kamalesh Babulal
Date: Tue, 12 Jul 2022 11:23:58 -0600
Subject: [PATCH] tools/cgget: replace strcat() with strncat()
Fix copy into fixed size buffer warning, reported by Coverity tool: CID 258284 (#4 of 4): Copy into fixed size buffer (STRING_OVERFLOW)1. fixed_size_dest: You might overrun the 4096-character fixed-size string tmp_val by copying tok without checking the length. In indent_multiline_value(), warned about the usage of strcat(), that might overwrite the string. Fix it by replacing strcat() -> strncat() in the function.
Signed-off-by: Kamalesh Babulal kamalesh.babulal@oracle.com
Signed-off-by: Tom Hromatka
---
 src/tools/cgget.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/tools/cgget.c b/src/tools/cgget.c
index ea6a5701..c6721d19 100644
--- a/src/tools/cgget.c
+++ b/src/tools/cgget.c
@@ -536,11 +536,11 @@ static int indent_multiline_value(struct control_value * const cv)
 char *tok, *saveptr = NULL;
 tok = strtok_r(cv->value, "\n", &saveptr);
- strcat(tmp_val, tok);
+ strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - 1);
 /* don't indent the first value */
 while ((tok = strtok_r(NULL, "\n", &saveptr))) {
- strcat(tmp_val, "\n\t");
- strcat(tmp_val, tok);
+ strncat(tmp_val, "\n\t", (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1)));
+ strncat(tmp_val, tok, (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1)));
 }
 cv->multiline_value = strdup(tmp_val);
--
2.47.2
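Review bot: The first `strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - 1)` is only in bounds if `tmp_val` is empty at that point, and it still passes `tok` to `strncat()` unchecked, which is a NULL dereference when `strtok_r()` finds no token (an empty or newline-only `cv->value`). The declaration of `tmp_val` and the start of `indent_multiline_value()` lie outside the hunk, so the empty-buffer assumption cannot be confirmed from here. Using the same length-aware bound as the two loop calls and guarding the token covers both: `if (tok) strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1));`. Separately, `strncat()` truncates silently, so a value whose indented form does not fit the buffer is now cut short with no error reaching the caller; comparing the remaining space with `strlen(tok)` before each append and returning an error would make that visible.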