wcsncat() was declared unsafe in favour of wcsncat_s(). However, the string concatenation follows the string length check, making wcsncat() safe too. Code analysis is just not smart enough (yet) to detect this.
The code was refactored to use wcscat_s() MSVC is considering as "safe". Signed-off-by: Simon Rozman <si...@rozman.si> --- src/tapctl/tap.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/tapctl/tap.c b/src/tapctl/tap.c index dd4a10a3..3f76c43a 100644 --- a/src/tapctl/tap.c +++ b/src/tapctl/tap.c @@ -2,7 +2,7 @@ * tapctl -- Utility to manipulate TUN/TAP adapters on Windows * https://community.openvpn.net/openvpn/wiki/Tapctl * - * Copyright (C) 2018-2020 Simon Rozman <si...@rozman.si> + * Copyright (C) 2018-2021 Simon Rozman <si...@rozman.si> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -73,14 +73,13 @@ find_function(const WCHAR *libname, const char *funcname, HMODULE *m) return NULL; } - size_t len = _countof(libpath) - wcslen(libpath) - 1; - if (len < wcslen(libname) + 1) + if (wcslen(libpath) + 1 /*\*/ + wcslen(libname) >= _countof(libpath)) { SetLastError(ERROR_INSUFFICIENT_BUFFER); return NULL; } - wcsncat(libpath, L"\\", len); - wcsncat(libpath, libname, len-1); + wcscat_s(libpath, _countof(libpath), L"\\"); + wcscat_s(libpath, _countof(libpath), libname); *m = LoadLibraryW(libpath); if (*m == NULL) -- 2.30.0.windows.2 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel