[Dnsmasq-discuss] [PATCH] Error: SECURE_CODING

Tomas Hozza thozza at redhat.com
Tue Apr 23 14:55:11 BST 2013


Coverity output:
dnsmasq-2.66/src/ipset.c:173: secure_coding: [VERY RISKY]. Using
"strcpy" can cause a buffer overflow when done incorrectly.  If the
destination string of a strcpy() is not large enough then anything might
happen. Use strncpy() instead.

I checked the code path and the length is never checked so there
should be strncpy used.

Signed-off-by: Tomas Hozza <thozza at redhat.com>
---
 src/ipset.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ipset.c b/src/ipset.c
index f175fa4..fa262d5 100644
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -170,7 +170,8 @@ static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr,
   
   req_adt_get.op = 0x10;
   req_adt_get.version = 3;
-  strcpy(req_adt_get.set.name, setname);
+  strncpy(req_adt_get.set.name, setname, IPSET_MAXNAMELEN - 1);
+  req_adt_get.set.name[IPSET_MAXNAMELEN - 1] = '\0';
   size = sizeof(req_adt_get);
   if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
     return -1;
-- 
1.8.1.4




More information about the Dnsmasq-discuss mailing list