The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3604

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

From 94e56bd5b79e48b793041ebcac3f2b527050151c Mon Sep 17 00:00:00 2001
From: liuyujun <liuyu...@fingera.cn>
Date: Thu, 17 Dec 2020 22:08:43 +0800
Subject: [PATCH] fix: gcc8.3.0 and memset overflow

---
 src/lxc/af_unix.c       | 4 ++--
 src/lxc/confile_utils.c | 2 +-
 src/lxc/lxccontainer.c  | 3 +--
 src/lxc/network.c       | 4 ++--
 src/lxc/utils.c         | 7 +++++--
 5 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 9fba0ee15c..8146ebd4a9 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -62,7 +62,7 @@ int lxc_abstract_unix_open(const char *path, int type, int 
flags)
                return -1;
        }
        /* addr.sun_path[0] has already been set to 0 by memset() */
-       strncpy(&addr.sun_path[1], &path[1], len);
+       memcpy(&addr.sun_path[1], &path[1], len);
 
        ret = bind(fd, (struct sockaddr *)&addr,
                   offsetof(struct sockaddr_un, sun_path) + len + 1);
@@ -115,7 +115,7 @@ int lxc_abstract_unix_connect(const char *path)
                return -1;
        }
        /* addr.sun_path[0] has already been set to 0 by memset() */
-       strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
+       memcpy(&addr.sun_path[1], &path[1], len);
 
        ret = connect(fd, (struct sockaddr *)&addr,
                      offsetof(struct sockaddr_un, sun_path) + len + 1);
diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c
index 612f53f1e7..dde5a78342 100644
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -616,7 +616,7 @@ int lxc_get_conf_str(char *retv, int inlen, const char 
*value)
        if (!value)
                return 0;
        if (retv && inlen >= strlen(value) + 1)
-               strncpy(retv, value, strlen(value) + 1);
+               strncpy(retv, value, inlen);
 
        return strlen(value);
 }
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 745941cdd2..d87e0a3d84 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -673,8 +673,7 @@ static char **split_init_cmd(const char *incmd)
 
        len = strlen(incmd) + 1;
        copy = alloca(len);
-       strncpy(copy, incmd, len);
-       copy[len-1] = '\0';
+       memcpy(copy, incmd, len);
 
        do {
                argv = malloc(sizeof(char *));
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 240d09337a..b3608ed785 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2151,8 +2151,8 @@ static int lxc_create_network_unpriv_exec(const char 
*lxcpath, const char *lxcna
                return -1;
        }
 
-       memset(netdev->name, 0, IFNAMSIZ + 1);
-       strncpy(netdev->name, token, IFNAMSIZ);
+       memset(netdev->name, 0, IFNAMSIZ);
+       strncpy(netdev->name, token, IFNAMSIZ - 1);
 
        /* netdev->ifindex */
        token = strtok_r(NULL, ":", &saveptr);
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index df4439549a..8139987c54 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -2340,13 +2340,16 @@ int parse_byte_size_string(const char *s, int64_t 
*converted)
        char *end;
        char dup[LXC_NUMSTRLEN64 + 2];
        char suffix[3];
+       size_t s_len;
 
        if (!s || !strcmp(s, ""))
                return -EINVAL;
 
-       end = stpncpy(dup, s, sizeof(dup));
-       if (*end != '\0')
+       s_len = strlen(s);
+       if (s_len >= sizeof(dup))
                return -EINVAL;
+       memcpy(dup, s, s_len + 1);
+       end = dup + s_len;
 
        if (isdigit(*(end - 1)))
                suffix_len = 0;
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to