From: Francis Deslauriers Date: Sat, 25 May 2019 21:28:08 +0000 (-0400) Subject: Fix: lib-logging: possible buffer not null terminated X-Git-Url: http://git.efficios.com/?p=babeltrace.git;a=commitdiff_plain;h=eea66fe071c54a96dcc811c4d921e5b2b59feeb3 Fix: lib-logging: possible buffer not null terminated Issue ===== While fixing Coverity warnings, commit 879e14e8 introduced other warnings. Indeed, the destination string after the `strncpy()` call would be left not null terminated if the size of the source buffer is equal or larger than the `TMP_PREFIX_LEN`. Also, the `strncat()` does not consider the characters added by the previous `strncpy()` call when supplying the size of the destination buffer. This could result in buffer overflows. Solution ======== Use `snprintf()` to concatenate the two strings and set the last character to `\0`. It's worth it to make the code easier to understand even though the `snprintf()` is probably more work because of the format string. Drawbacks ========= None. Notes ===== List of coverity defect reports: CID 1401510 (#5 of 5): Buffer not null terminated (BUFFER_SIZE_WARNING) 19. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401511 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING) 4. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401513 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 19. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401517 (#5 of 5): Buffer not null terminated (BUFFER_SIZE_WARNING) 9. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. ID 1401519 (#4 of 4): Buffer not null terminated (BUFFER_SIZE_WARNING) 15. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401523 (#3 of 3): Buffer not null terminated (BUFFER_SIZE_WARNING) 16. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401525 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 10. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401526 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING) 11. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401528 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 15. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401532 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 5. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401533 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 6. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401534 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 12. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401535 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 13. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401537 (#2 of 2): Buffer not null terminated (BUFFER_SIZE_WARNING) 23. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401539 (#10 of 10): Buffer not null terminated (BUFFER_SIZE_WARNING) 10. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401540 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 28. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. CID 1401541 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING) 9. buffer_size_warning: Calling strncpy with a maximum size argument of 64 bytes on destination array tmp_prefix of size 64 bytes might leave the destination string unterminated. Reported-by: Coverity - Buffer not null terminated Signed-off-by: Francis Deslauriers Change-Id: Ie10d4d6c8b1a0caff2fe70bbb1046673bbb1a999 Reviewed-on: https://review.lttng.org/c/babeltrace/+/1333 Tested-by: jenkins Reviewed-by: Philippe Proulx --- diff --git a/lib/lib-logging.c b/lib/lib-logging.c index 0a988db3..98572f16 100644 --- a/lib/lib-logging.c +++ b/lib/lib-logging.c @@ -103,8 +103,9 @@ static __thread char lib_logging_buf[LIB_LOGGING_BUF_SIZE]; #define TMP_PREFIX_LEN 64 #define SET_TMP_PREFIX(_prefix2) \ do { \ - strncpy(tmp_prefix, prefix, TMP_PREFIX_LEN); \ - strncat(tmp_prefix, (_prefix2), TMP_PREFIX_LEN); \ + snprintf(tmp_prefix, TMP_PREFIX_LEN - 1, "%s%s", \ + prefix, (_prefix2)); \ + tmp_prefix[TMP_PREFIX_LEN - 1] = '\0'; \ } while (0) static inline void format_component(char **buf_ch, bool extended,