[Dnsmasq-discuss] [PATCH] Error: SECURE_CODING
Simon Kelley
simon at thekelleys.org.uk
Wed Apr 24 09:55:23 BST 2013
On 23/04/13 15:11, Dave Reisner wrote:
> On Tue, Apr 23, 2013 at 03:55:11PM +0200, Tomas Hozza wrote:
>> Coverity output:
>> dnsmasq-2.66/src/ipset.c:173: secure_coding: [VERY RISKY]. Using
>> "strcpy" can cause a buffer overflow when done incorrectly. If the
>> destination string of a strcpy() is not large enough then anything might
>> happen. Use strncpy() instead.
>>
>> I checked the code path and the length is never checked so there
>> should be strncpy used.
>
> But it *is* checked. Just above the chunk that your patch references is
> the line:
>
> if (strlen(setname)>= sizeof(req_adt_get.set.name))
>
> There's an off by one error here,
Is there? Since strlen(setname) must be strictly less than the size of
the buffer, by that check, there must be at least one spare byte for the
trailing zero, surely?
Tomas, we plead Not Guilty, I think.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list