This is an automated email from the ASF dual-hosted git repository. gancho pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 9a4aa33 cid 1375841: Replace strncpy with memcpy 9a4aa33 is described below commit 9a4aa33c713e68dc4c10d60f49f6a4e58d2c11f1 Author: Gancho Tenev <gan...@apache.com> AuthorDate: Wed May 31 07:09:58 2017 -0700 cid 1375841: Replace strncpy with memcpy Issue: CID 1375841 (#1 of 1): Buffer not null terminated (BUFFER_SIZE) 1. buffer_size: Calling strncpy with a source string whose length (4 chars) is greater than or equal to the size argument (4) will fail to null-terminate key. Fix: The code is correct. The buffer is not meant to be NULL-terminated. It seems Coverity thinks that since strncpy is used NULL-terminated buffer is expected. Changing strncpy to memcpy. Also removing unnecessary #undef --- plugins/s3_auth/aws_auth_v4.cc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc index 65c65b9..386bf69 100644 --- a/plugins/s3_auth/aws_auth_v4.cc +++ b/plugins/s3_auth/aws_auth_v4.cc @@ -29,7 +29,6 @@ #include <openssl/sha.h> /* SHA(), sha256_Update(), SHA256_Final, etc. */ #include <openssl/hmac.h> /* HMAC() */ -#undef AWS_AUTH_V4_DETAILED_DEBUG_OUTPUT #ifdef AWS_AUTH_V4_DETAILED_DEBUG_OUTPUT #include <iostream> #endif @@ -565,8 +564,8 @@ getSignature(const char *awsSecret, size_t awsSecretLen, const char *awsRegion, size_t keyLen = 4 + awsSecretLen; char key[keyLen]; - strncpy(key, "AWS4", 4); - strncpy(key + 4, awsSecret, awsSecretLen); + memcpy(key, "AWS4", 4); + memcpy(key + 4, awsSecret, awsSecretLen); unsigned int len = signatureLen; if (HMAC(EVP_sha256(), key, keyLen, (unsigned char *)dateTime, dateTimeLen, dateKey, &dateKeyLen) && -- To stop receiving notification emails like this one, please contact ['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].