[PATCH] discover/network: Null terminate ifname buffer explicitly

Samuel Mendoza-Jonas sam at mendozajonas.com
Wed May 30 15:37:05 AEST 2018 

GCC 8 produces the following warning for network.c:

In function ‘network_handle_nlmsg’,
    inlined from ‘network_netlink_process’ at ../discover/network.c:726:3:
../discover/network.c:568:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
   strncpy(interface->name, ifname, sizeof(interface->name) - 1);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../discover/network.c:586:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
   strncpy(interface->name, ifname, sizeof(interface->name) - 1);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The code is safe since interface is allocated with talloc_zero() and we
could use -Wno-stringop-truncation to hide this but since this is the
only offender instead just copy the whole IFNAMSIZ bytes and explicitly
terminate the ifname buffer to be safe.

Signed-off-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
---
 discover/network.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/discover/network.c b/discover/network.c
index e2cae91..9594b2e 100644
--- a/discover/network.c
+++ b/discover/network.c
@@ -506,7 +506,7 @@ static int network_handle_nlmsg(struct network *network, struct nlmsghdr *nlmsg)
 	struct rtattr *attr;
 	unsigned int mtu;
 	uint8_t ifaddr[6];
-	char ifname[IFNAMSIZ+1];
+	char ifname[IFNAMSIZ];
 	int attrlen, type;
 
 
@@ -534,6 +534,7 @@ static int network_handle_nlmsg(struct network *network, struct nlmsghdr *nlmsg)
 
 		case IFLA_IFNAME:
 			strncpy(ifname, data, IFNAMSIZ);
+			ifname[IFNAMSIZ - 1] = '\0';
 			have_ifname = true;
 			break;
 
@@ -565,7 +566,7 @@ static int network_handle_nlmsg(struct network *network, struct nlmsghdr *nlmsg)
 		interface->ifindex = info->ifi_index;
 		interface->state = IFSTATE_NEW;
 		memcpy(interface->hwaddr, ifaddr, sizeof(interface->hwaddr));
-		strncpy(interface->name, ifname, sizeof(interface->name) - 1);
+		strncpy(interface->name, ifname, sizeof(interface->name));
 
 		list_for_each_entry(&network->interfaces, tmp, list)
 			if (memcmp(interface->hwaddr, tmp->hwaddr,
@@ -583,7 +584,7 @@ static int network_handle_nlmsg(struct network *network, struct nlmsghdr *nlmsg)
 	/* A repeated RTM_NEWLINK can represent an interface name change */
 	if (strncmp(interface->name, ifname, IFNAMSIZ)) {
 		pb_debug("ifname update: %s -> %s\n", interface->name, ifname);
-		strncpy(interface->name, ifname, sizeof(interface->name) - 1);
+		strncpy(interface->name, ifname, sizeof(interface->name));
 		talloc_free(interface->dev->device->id);
 		interface->dev->device->id =
 			talloc_strdup(interface->dev->device, ifname);
-- 
2.17.0

More information about the Petitboot mailing list