From d2e2c7510d47d544b662cf6be2b4b5932491a046 Mon Sep 17 00:00:00 2001
From: Kamalesh Babulal
Date: Tue, 12 Jul 2022 11:24:55 -0600
Subject: [PATCH] tools/cgget: replace strcat() with strncat()
Fix copy into fixed size buffer warning, reported by Coverity tool: CID 258284 (#4 of 4): Copy into fixed size buffer (STRING_OVERFLOW)1. fixed_size_dest: You might overrun the 4096-character fixed-size string tmp_val by copying tok without checking the length. In indent_multiline_value(), warned about the usage of strcat(), that might overwrite the string. Fix it by replacing strcat() -> strncat() in the function.
Signed-off-by: Kamalesh Babulal kamalesh.babulal@oracle.com
Signed-off-by: Tom Hromatka
(cherry picked from commit 9c8724c1e543026453365aaeca7ece93dc12dac7)
---
src/tools/cgget.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/tools/cgget.c b/src/tools/cgget.c
index 714db104..f80926ba 100644
--- a/src/tools/cgget.c
+++ b/src/tools/cgget.c
@@ -540,11 +540,11 @@ static int indent_multiline_value(struct control_value * const cv)
 char *tok, *saveptr = NULL;
 tok = strtok_r(cv->value, "\n", &saveptr);
- strcat(tmp_val, tok);
+ strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - 1);
 /* don't indent the first value */
 while ((tok = strtok_r(NULL, "\n", &saveptr))) {
- strcat(tmp_val, "\n\t");
- strcat(tmp_val, tok);
+ strncat(tmp_val, "\n\t", (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1)));
+ strncat(tmp_val, tok, (CG_CONTROL_VALUE_MAX - (strlen(tmp_val) + 1)));
 }
 cv->multiline_value = strdup(tmp_val);
--
2.47.2
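Review bot: The first append still passes `tok` straight from `strtok_r(cv->value, "\n", &saveptr)` with no NULL check, so a `cv->value` that is empty or holds only newlines would give `strncat()` a NULL source. Whether callers rule that case out is not visible in this hunk. A guard on that line, `if (tok) strncat(tmp_val, tok, CG_CONTROL_VALUE_MAX - 1);`, would close it. The three bounds do prevent the overrun, but they truncate silently, so an over-long value ends up shortened in `cv->multiline_value` with no error even though the function returns `int`. A comment such as `/* value is truncated to CG_CONTROL_VALUE_MAX - 1 bytes */`, or a length check that returns an error, would make that explicit. The declaration of `tmp_val` and the function's return lie outside the hunk, so the first bound is correct only if `tmp_val` is `CG_CONTROL_VALUE_MAX` bytes and starts out empty.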