The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3604
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) ===
From 94e56bd5b79e48b793041ebcac3f2b527050151c Mon Sep 17 00:00:00 2001 From: liuyujun <liuyu...@fingera.cn> Date: Thu, 17 Dec 2020 22:08:43 +0800 Subject: [PATCH] fix: gcc8.3.0 and memset overflow --- src/lxc/af_unix.c | 4 ++-- src/lxc/confile_utils.c | 2 +- src/lxc/lxccontainer.c | 3 +-- src/lxc/network.c | 4 ++-- src/lxc/utils.c | 7 +++++-- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index 9fba0ee15c..8146ebd4a9 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -62,7 +62,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags) return -1; } /* addr.sun_path[0] has already been set to 0 by memset() */ - strncpy(&addr.sun_path[1], &path[1], len); + memcpy(&addr.sun_path[1], &path[1], len); ret = bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1); @@ -115,7 +115,7 @@ int lxc_abstract_unix_connect(const char *path) return -1; } /* addr.sun_path[0] has already been set to 0 by memset() */ - strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); + memcpy(&addr.sun_path[1], &path[1], len); ret = connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1); diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c index 612f53f1e7..dde5a78342 100644 --- a/src/lxc/confile_utils.c +++ b/src/lxc/confile_utils.c @@ -616,7 +616,7 @@ int lxc_get_conf_str(char *retv, int inlen, const char *value) if (!value) return 0; if (retv && inlen >= strlen(value) + 1) - strncpy(retv, value, strlen(value) + 1); + strncpy(retv, value, inlen); return strlen(value); } diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 745941cdd2..d87e0a3d84 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -673,8 +673,7 @@ static char **split_init_cmd(const char *incmd) len = strlen(incmd) + 1; copy = alloca(len); - strncpy(copy, incmd, len); - copy[len-1] = '\0'; + memcpy(copy, incmd, len); do { argv = malloc(sizeof(char *)); diff --git a/src/lxc/network.c b/src/lxc/network.c index 240d09337a..b3608ed785 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -2151,8 +2151,8 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna return -1; } - memset(netdev->name, 0, IFNAMSIZ + 1); - strncpy(netdev->name, token, IFNAMSIZ); + memset(netdev->name, 0, IFNAMSIZ); + strncpy(netdev->name, token, IFNAMSIZ - 1); /* netdev->ifindex */ token = strtok_r(NULL, ":", &saveptr); diff --git a/src/lxc/utils.c b/src/lxc/utils.c index df4439549a..8139987c54 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -2340,13 +2340,16 @@ int parse_byte_size_string(const char *s, int64_t *converted) char *end; char dup[LXC_NUMSTRLEN64 + 2]; char suffix[3]; + size_t s_len; if (!s || !strcmp(s, "")) return -EINVAL; - end = stpncpy(dup, s, sizeof(dup)); - if (*end != '\0') + s_len = strlen(s); + if (s_len >= sizeof(dup)) return -EINVAL; + memcpy(dup, s, s_len + 1); + end = dup + s_len; if (isdigit(*(end - 1))) suffix_len = 0;
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel