[Spice-devel] [spice-gtk 2/4] coverity: avoid string overflow

Fabiano Fidêncio fidencio at redhat.com
Mon Apr 25 09:24:07 UTC 2016


On Mon, Apr 25, 2016 at 10:59 AM, Frediano Ziglio <fziglio at redhat.com> wrote:
>>
>> On Mon, Apr 4, 2016 at 9:59 AM, Fabiano Fidêncio <fidencio at redhat.com> wrote:
>> > sockaddr_un.sun_path has 108 bytes, while pipe_name has
>> > PIPE_NAME_MAX_LEN (256 bytes)
>> > ---
>> >  src/controller/test.c | 6 ++++++
>> >  1 file changed, 6 insertions(+)
>> >
>> > diff --git a/src/controller/test.c b/src/controller/test.c
>> > index 9a45581..649aca5 100644
>> > --- a/src/controller/test.c
>> > +++ b/src/controller/test.c
>> > @@ -233,6 +233,12 @@ int main (int argc, char *argv[])
>> >      snprintf (pipe_name, PIPE_NAME_MAX_LEN, PIPE_NAME);
>
> So changing PIPE_NAME_MAX_LEN here to something like MIN(PIPE_NAME_MAX_LEN, sizeof(remote.sun_path))
> would work too.
>
>> >      printf ("Creating a controller connection %s\n", pipe_name);
>> >      struct sockaddr_un remote;
>> > +
>> > +    if (strlen(pipe_name) + 1 > sizeof(remote.sun_path)) {
>> > +        printf ("address is too long for unix socket_path: %s",
>> > pipe_name);
>> > +        return -1;
>> > +    }
>> > +
>> >      if ((sock = socket (AF_UNIX, SOCK_STREAM, 0)) == -1) {
>> >          printf ("Could not open socket, (%d) %s\n", errno,
>> >          strerror(errno));
>> >          return -1;
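
Review bot: the printf added inside the new length check has no trailing newline, unlike the other messages visible in this hunk ("Creating a controller connection %s\n" and "Could not open socket, (%d) %s\n"), so the error text will run into whatever is printed next; end the format string with "\n". It would also help to print sizeof(remote.sun_path) next to the rejected name so the limit is visible to whoever hits it. The comparison itself, strlen(pipe_name) + 1 > sizeof(remote.sun_path), correctly reserves room for the terminating NUL and rejects an over-long name rather than truncating it to a different path.
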
>> > --
>> > 2.7.3
>> >
>>
>> ping?
>
> By the way... code is only for a test and PIPE_NAME is "/tmp/test",
> IMHO the coverity report should be marked as "Intentional", "ignore"

Okay, taking your suggestion and dropping the patch!

>
> Frediano

