1bffdb3e0SAndrew GeisslerFrom 542380a13f178d97851751b57054a6b5be555d1c Mon Sep 17 00:00:00 2001
2bffdb3e0SAndrew GeisslerFrom: Jens Rehsack <sno@netbsd.org>
3bffdb3e0SAndrew GeisslerDate: Thu, 13 Aug 2020 16:16:44 +0200
4bffdb3e0SAndrew GeisslerSubject: [PATCH 2/2] test/test_x509.c: fix potential overflow issue
5bffdb3e0SAndrew Geissler
6bffdb3e0SAndrew GeisslerInstead of doing a memcpy() which does static overflow checking, use
7bffdb3e0SAndrew Geisslersnprintf() for string copying which does the check dynamically.
8bffdb3e0SAndrew Geissler
9bffdb3e0SAndrew GeisslerFixes:
10bffdb3e0SAndrew Geissler| In file included from .../recipe-sysroot/usr/include/string.h:519,
11bffdb3e0SAndrew Geissler| from test/test_x509.c:27:
12bffdb3e0SAndrew Geissler| In function 'memcpy',
13bffdb3e0SAndrew Geissler| inlined from 'parse_keyvalue' at test/test_x509.c:845:2,
14bffdb3e0SAndrew Geissler| inlined from 'process_conf_file' at test/test_x509.c:1360:7,
15bffdb3e0SAndrew Geissler| inlined from 'main' at test/test_x509.c:2038:2:
16bffdb3e0SAndrew Geissler| .../recipe-sysroot/usr/include/bits/string_fortified.h:34:10: warning: '__builtin_memcpy' specified bound 4294967295 exceeds maximum object size 2147483647 [-Wstringop-overflow=]
17bffdb3e0SAndrew Geissler| 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
18bffdb3e0SAndrew Geissler| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
19bffdb3e0SAndrew Geissler
20bffdb3e0SAndrew GeisslerSigned-off-by: Jens Rehsack <sno@netbsd.org>
21bffdb3e0SAndrew Geissler---
22*520786ccSPatrick WilliamsUpstream-Status: Pending
23*520786ccSPatrick Williams
24bffdb3e0SAndrew Geissler test/test_x509.c | 3 +--
25bffdb3e0SAndrew Geissler 1 file changed, 1 insertion(+), 2 deletions(-)
26bffdb3e0SAndrew Geissler
27bffdb3e0SAndrew Geisslerdiff --git a/test/test_x509.c b/test/test_x509.c
28bffdb3e0SAndrew Geisslerindex 2c61cf5..76f6ab9 100644
29bffdb3e0SAndrew Geissler--- a/test/test_x509.c
30bffdb3e0SAndrew Geissler+++ b/test/test_x509.c
31bffdb3e0SAndrew Geissler@@ -842,8 +842,7 @@ parse_keyvalue(HT *d)
32bffdb3e0SAndrew Geissler return -1;
33bffdb3e0SAndrew Geissler }
34bffdb3e0SAndrew Geissler name = xmalloc(u + 1);
35bffdb3e0SAndrew Geissler- memcpy(name, buf, u);
36bffdb3e0SAndrew Geissler- name[u] = 0;
37bffdb3e0SAndrew Geissler+ snprintf(name, u, "%s", buf);
38bffdb3e0SAndrew Geissler if (HT_get(d, name) != NULL) {
39bffdb3e0SAndrew Geissler xfree(name);
40bffdb3e0SAndrew Geissler return -1;
41bffdb3e0SAndrew Geissler--
42bffdb3e0SAndrew Geissler2.17.1
43bffdb3e0SAndrew Geissler
44
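Review bot: The added `snprintf(name, u, "%s", buf);` passes `u` as the buffer size, so it stores at most `u - 1` characters plus the terminator and the key name loses its last character, even though `xmalloc(u + 1)` on the line above allocates room for all `u`. `%s` also reads `buf` up to its first NUL rather than exactly `u` bytes as the removed `memcpy` did, which is an over-read if `buf` is not terminated at that point (not visible in this hunk). Keeping the length explicit avoids both: `snprintf(name, u + 1, "%.*s", (int)u, buf);`, or restore the `memcpy`/`name[u] = 0` pair and address the warning by bounding `u` before the allocation. parse_keyvalue starts and ends outside the hunk, so whether `u` can be 0 or exceed INT_MAX here cannot be confirmed from these lines.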