[Dnsmasq-discuss] [PATCH] Error: SECURE_CODING

Simon Kelley simon at thekelleys.org.uk
Wed Apr 24 09:55:23 BST 2013

On 23/04/13 15:11, Dave Reisner wrote:
> On Tue, Apr 23, 2013 at 03:55:11PM +0200, Tomas Hozza wrote:
>> Coverity output:
>> dnsmasq-2.66/src/ipset.c:173: secure_coding: [VERY RISKY]. Using
>> "strcpy" can cause a buffer overflow when done incorrectly.  If the
>> destination string of a strcpy() is not large enough then anything might
>> happen. Use strncpy() instead.
>> I checked the code path and the length is never checked so there
>> should be strncpy used.
> But it *is* checked. Just above the chunk that your patch references is
> the line:
>    if (strlen(setname)>= sizeof(req_adt_get.set.name))
> There's an off by one error here,

Is there? Since strlen(setname) must be strictly less than the size of 
the buffer, by that check, there must be at least one spare byte for the 
trailing zero, surely?

Tomas, we plead Not Guilty, I think.



More information about the Dnsmasq-discuss mailing list