From: Francis Deslauriers Date: Thu, 23 May 2019 16:08:30 +0000 (-0400) Subject: Fix: logging: possible buffer overflows X-Git-Url: http://git.efficios.com/?p=babeltrace.git;a=commitdiff_plain;h=879e14e8653bb2f9d8d83e50b983bc1fee571701;hp=879e14e8653bb2f9d8d83e50b983bc1fee571701 Fix: logging: possible buffer overflows Issue ===== Multiple possible buffer overflows on string operations using the `SET_TMP_PREFIX()` macro that uses `strcpy()` on parameter char array. Solution ======== Use a #define to set the length of the destination array and use it as the size parameter of the `strncpy()` and `strncat()` calls. Drawbacks ========= None. Notes ===== Coverity reported defects: CID 1401179 (#5 of 5): Copy into fixed size buffer (STRING_OVERFLOW) 9. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401181 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 5. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length CID 1401186 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 15. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401192 (#2 of 2): Copy into fixed size buffer (STRING_OVERFLOW) 4. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401197 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 6. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401198 (#4 of 4): Copy into fixed size buffer (STRING_OVERFLOW) 15. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401203 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 28. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401212 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 12. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401215 (#4 of 4): Copy into fixed size buffer (STRING_OVERFLOW) 16. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401221 (#2 of 2): Copy into fixed size buffer (STRING_OVERFLOW) 19. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401227 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 13. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401230 (#3 of 3): Copy into fixed size buffer (STRING_OVERFLOW) 10. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401232 (#3 of 3): Copy into fixed size buffer (STRING_OVERFLOW) 23. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401234 (#5 of 5): Copy into fixed size buffer (STRING_OVERFLOW) 19. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401254 (#10 of 10): Copy into fixed size buffer (STRING_OVERFLOW) 10. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401257 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 9. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. CID 1401261 (#2 of 2): Copy into fixed size buffer (STRING_OVERFLOW) 11. fixed_size_dest: You might overrun the 64-character fixed-size string tmp_prefix by copying prefix without checking the length. Reported-by: Coverity - Copy into fixed size buffer (STRING_OVERFLOW) Signed-off-by: Francis Deslauriers Change-Id: I922f1fb82a95e06b0c42627a2e57ba94debe1c5a Reviewed-on: https://review.lttng.org/c/babeltrace/+/1329 Reviewed-by: Jérémie Galarneau Tested-by: jenkins ---