Hello, proposing patch for some of the issues found by coverity scan in cpio-2.13
Patch: diff --git a/src/tar.c b/src/tar.c index 99ef8a2..a5873e7 100644 --- a/src/tar.c +++ b/src/tar.c @@ -146,6 +146,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) name_len = strlen (file_hdr->c_name); if (name_len <= TARNAMESIZE) { + memset(tar_hdr->name, '\0', name_len+1); strncpy (tar_hdr->name, file_hdr->c_name, name_len); } else @@ -173,8 +174,9 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) { /* process_copy_out makes sure that c_tar_linkname is shorter than TARLINKNAMESIZE. */ + memset(tar_hdr->linkname, '\0', TARLINKNAMESIZE); strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, - TARLINKNAMESIZE); + TARLINKNAMESIZE-1); tar_hdr->typeflag = LNKTYPE; to_ascii (tar_hdr->size, 0, 12, LG_8, true); } @@ -200,8 +202,9 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) tar_hdr->typeflag = SYMTYPE; /* process_copy_out makes sure that c_tar_linkname is shorter than TARLINKNAMESIZE. */ + memset(tar_hdr->linkname, '\0', TARLINKNAMESIZE); strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, - TARLINKNAMESIZE); + TARLINKNAMESIZE-1); to_ascii (tar_hdr->size, 0, 12, LG_8, true); break; #endif /* CP_IFLNK */ @@ -211,6 +214,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) { char *name; + memset(tar_hdr->version, '\0', TVERSLEN+1); strncpy (tar_hdr->magic, TMAGIC, TMAGLEN); strncpy (tar_hdr->version, TVERSION, TVERSLEN); In addition, there are some issues which are not resolved by this patch. There is a compiler warning about issues in utimens.c, which I find as false positives. Can you please investigate it and give feedback ? Thank you. Ondrej Covscan results: Error: COMPILER_WARNING (CWE-758): cpio-2.13/gnu/utimens.c: scope_hint: In function 'fdutimens' cpio-2.13/gnu/utimens.c:296:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8 # 296 | if (ts && update_timespec (&st, &ts)) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~ cpio-2.13/gnu/utimens.c:296:17: note: referencing argument 2 of type 'struct timespec * *' cpio-2.13/gnu/utimens.c:131:1: note: in a call to function 'update_timespec' # 131 | update_timespec (struct stat const *statbuf, struct timespec *ts[2]) # | ^~~~~~~~~~~~~~~ # 294| && (fd < 0 ? stat (file, &st) : fstat (fd, &st))) # 295| return -1; # 296|-> if (ts && update_timespec (&st, &ts)) # 297| return 0; # 298| } Error: COMPILER_WARNING (CWE-758): cpio-2.13/gnu/utimens.c: scope_hint: In function 'lutimens' cpio-2.13/gnu/utimens.c:507:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8 # 507 | if (ts && update_timespec (&st, &ts)) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~ cpio-2.13/gnu/utimens.c:507:17: note: referencing argument 2 of type 'struct timespec * *' cpio-2.13/gnu/utimens.c:131:1: note: in a call to function 'update_timespec' # 131 | update_timespec (struct stat const *statbuf, struct timespec *ts[2]) # | ^~~~~~~~~~~~~~~ # 505| if (adjustment_needed != 3 && lstat (file, &st)) # 506| return -1; # 507|-> if (ts && update_timespec (&st, &ts)) # 508| return 0; # 509| } Error: COMPILER_WARNING (CWE-758): cpio-2.13/src/tar.c: scope_hint: In function 'write_out_tar_header' cpio-2.13/src/tar.c:149:7: warning[-Wstringop-overflow=]: 'strncpy' specified bound depends on the length of the source argument cpio-2.13/src/tar.c:146:14: note: length computed here # 147| if (name_len <= TARNAMESIZE) # 148| { # 149|-> strncpy (tar_hdr->name, file_hdr->c_name, name_len); # 150| } # 151| else Error: BUFFER_SIZE (CWE-170): cpio-2.13/src/tar.c:176: buffer_size_warning: Calling "strncpy" with a maximum size argument of 100 bytes on destination array "tar_hdr->linkname" of size 100 bytes might leave the destination string unterminated. # 174| /* process_copy_out makes sure that c_tar_linkname is shorter # 175| than TARLINKNAMESIZE. */ # 176|-> strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, # 177| TARLINKNAMESIZE); # 178| tar_hdr->typeflag = LNKTYPE; Error: BUFFER_SIZE (CWE-170): cpio-2.13/src/tar.c:203: buffer_size_warning: Calling "strncpy" with a maximum size argument of 100 bytes on destination array "tar_hdr->linkname" of size 100 bytes might leave the destination string unterminated. # 201| /* process_copy_out makes sure that c_tar_linkname is shorter # 202| than TARLINKNAMESIZE. */ # 203|-> strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, # 204| TARLINKNAMESIZE); # 205| to_ascii (tar_hdr->size, 0, 12, LG_8, true); Error: BUFFER_SIZE (CWE-120): cpio-2.13/src/tar.c:215: buffer_size: Calling "strncpy" with a source string whose length (2 chars) is greater than or equal to the size argument (2) will fail to null-terminate "tar_hdr->version". # 213| # 214| strncpy (tar_hdr->magic, TMAGIC, TMAGLEN); # 215|-> strncpy (tar_hdr->version, TVERSION, TVERSLEN); # 216| # 217| name = getuser (file_hdr->c_uid);