Fix covscan BUFFER_SIZE

Error: BUFFER_SIZE (CWE-170): [#def6]
shadow-4.8.1/libmisc/failure.c:101: buffer_size_warning: Calling "strncpy" with a maximum size argument of 12 bytes on destination array "fl->fail_line" of size 12 bytes might leave the destination string unterminated.
   99|   	}
  100|
  101|-> 	strncpy (fl->fail_line, tty, sizeof fl->fail_line);
  102|   	(void) time (&fl->fail_time);
  103|

Error: BUFFER_SIZE (CWE-170): [#def9]
shadow-4.8.1/libmisc/log.c:103: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "newlog.ll_line" of size 32 bytes might leave the destination string unterminated.
  101|   	(void) time (&ll_time);
  102|   	newlog.ll_time = ll_time;
  103|-> 	strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
  104|   #if HAVE_LL_HOST
  105|   	strncpy (newlog.ll_host, host, sizeof newlog.ll_host);

Error: BUFFER_SIZE (CWE-170): [#def10]
shadow-4.8.1/libmisc/log.c:105: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "newlog.ll_host" of size 256 bytes might leave the destination string unterminated.
  103|   	strncpy (newlog.ll_line, line, sizeof newlog.ll_line);
  104|   #if HAVE_LL_HOST
  105|-> 	strncpy (newlog.ll_host, host, sizeof newlog.ll_host);
  106|   #endif
  107|   	if (   (lseek (fd, offset, SEEK_SET) != offset)

Error: BUFFER_SIZE (CWE-170): [#def13]
shadow-4.8.1/libmisc/utmp.c:260: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_line" of size 32 bytes might leave the destination string unterminated.
  258|   #endif				/* HAVE_STRUCT_UTMP_UT_TYPE */
  259|   	utent->ut_pid = getpid ();
  260|-> 	strncpy (utent->ut_line, line,      sizeof (utent->ut_line));
  261|   #ifdef HAVE_STRUCT_UTMP_UT_ID
  262|   	if (NULL != ut) {

Error: BUFFER_SIZE (CWE-170): [#def14]
shadow-4.8.1/libmisc/utmp.c:266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 4 bytes on destination array "utent->ut_id" of size 4 bytes might leave the destination string unterminated.
  264|   	} else {
  265|   		/* XXX - assumes /dev/tty?? */
  266|-> 		strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id));
  267|   	}
  268|   #endif				/* HAVE_STRUCT_UTMP_UT_ID */

Error: BUFFER_SIZE (CWE-170): [#def15]
shadow-4.8.1/libmisc/utmp.c:273: buffer_size_warning: Calling "strncpy" with a maximum size argument of 32 bytes on destination array "utent->ut_user" of size 32 bytes might leave the destination string unterminated.
  271|   #endif				/* HAVE_STRUCT_UTMP_UT_NAME */
  272|   #ifdef HAVE_STRUCT_UTMP_UT_USER
  273|-> 	strncpy (utent->ut_user, name,      sizeof (utent->ut_user));
  274|   #endif				/* HAVE_STRUCT_UTMP_UT_USER */
  275|   	if (NULL != hostname) {

Error: BUFFER_SIZE (CWE-170): [#def16]
shadow-4.8.1/libmisc/utmp.c:278: buffer_size_warning: Calling "strncpy" with a maximum size argument of 256 bytes on destination array "utent->ut_host" of size 256 bytes might leave the destination string unterminated.
  276|   		struct addrinfo *info = NULL;
  277|   #ifdef HAVE_STRUCT_UTMP_UT_HOST
  278|-> 		strncpy (utent->ut_host, hostname, sizeof (utent->ut_host));
  279|   #endif				/* HAVE_STRUCT_UTMP_UT_HOST */
  280|   #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2021-06-16 09:50:53 +02:00
parent 456bdb78f8
commit 5d0d784197
3 changed files with 7 additions and 7 deletions

View File

@ -98,7 +98,7 @@ void failure (uid_t uid, const char *tty, struct faillog *fl)
fl->fail_cnt++; fl->fail_cnt++;
} }
strncpy (fl->fail_line, tty, sizeof fl->fail_line); strncpy (fl->fail_line, tty, sizeof (fl->fail_line) - 1);
(void) time (&fl->fail_time); (void) time (&fl->fail_time);
/* /*

View File

@ -100,9 +100,9 @@ void dolastlog (
ll_time = newlog.ll_time; ll_time = newlog.ll_time;
(void) time (&ll_time); (void) time (&ll_time);
newlog.ll_time = ll_time; newlog.ll_time = ll_time;
strncpy (newlog.ll_line, line, sizeof newlog.ll_line); strncpy (newlog.ll_line, line, sizeof (newlog.ll_line) - 1);
#if HAVE_LL_HOST #if HAVE_LL_HOST
strncpy (newlog.ll_host, host, sizeof newlog.ll_host); strncpy (newlog.ll_host, host, sizeof (newlog.ll_host) - 1);
#endif #endif
if ( (lseek (fd, offset, SEEK_SET) != offset) if ( (lseek (fd, offset, SEEK_SET) != offset)
|| (write (fd, (const void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog) || (write (fd, (const void *) &newlog, sizeof newlog) != (ssize_t) sizeof newlog)

View File

@ -257,25 +257,25 @@ static void updwtmpx (const char *filename, const struct utmpx *utx)
utent->ut_type = USER_PROCESS; utent->ut_type = USER_PROCESS;
#endif /* HAVE_STRUCT_UTMP_UT_TYPE */ #endif /* HAVE_STRUCT_UTMP_UT_TYPE */
utent->ut_pid = getpid (); utent->ut_pid = getpid ();
strncpy (utent->ut_line, line, sizeof (utent->ut_line)); strncpy (utent->ut_line, line, sizeof (utent->ut_line) - 1);
#ifdef HAVE_STRUCT_UTMP_UT_ID #ifdef HAVE_STRUCT_UTMP_UT_ID
if (NULL != ut) { if (NULL != ut) {
strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id)); strncpy (utent->ut_id, ut->ut_id, sizeof (utent->ut_id));
} else { } else {
/* XXX - assumes /dev/tty?? */ /* XXX - assumes /dev/tty?? */
strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id)); strncpy (utent->ut_id, line + 3, sizeof (utent->ut_id) - 1);
} }
#endif /* HAVE_STRUCT_UTMP_UT_ID */ #endif /* HAVE_STRUCT_UTMP_UT_ID */
#ifdef HAVE_STRUCT_UTMP_UT_NAME #ifdef HAVE_STRUCT_UTMP_UT_NAME
strncpy (utent->ut_name, name, sizeof (utent->ut_name)); strncpy (utent->ut_name, name, sizeof (utent->ut_name));
#endif /* HAVE_STRUCT_UTMP_UT_NAME */ #endif /* HAVE_STRUCT_UTMP_UT_NAME */
#ifdef HAVE_STRUCT_UTMP_UT_USER #ifdef HAVE_STRUCT_UTMP_UT_USER
strncpy (utent->ut_user, name, sizeof (utent->ut_user)); strncpy (utent->ut_user, name, sizeof (utent->ut_user) - 1);
#endif /* HAVE_STRUCT_UTMP_UT_USER */ #endif /* HAVE_STRUCT_UTMP_UT_USER */
if (NULL != hostname) { if (NULL != hostname) {
struct addrinfo *info = NULL; struct addrinfo *info = NULL;
#ifdef HAVE_STRUCT_UTMP_UT_HOST #ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy (utent->ut_host, hostname, sizeof (utent->ut_host)); strncpy (utent->ut_host, hostname, sizeof (utent->ut_host) - 1);
#endif /* HAVE_STRUCT_UTMP_UT_HOST */ #endif /* HAVE_STRUCT_UTMP_UT_HOST */
#ifdef HAVE_STRUCT_UTMP_UT_SYSLEN #ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
utent->ut_syslen = MIN (strlen (hostname), utent->ut_syslen = MIN (strlen (hostname),