Fix possible buffer overflows detected by newer GCC versions
GCC reports problems like this: gcc -DHAVE_CONFIG_H -I. -I../include -I../include -Wall -Werror -I./include -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -fno-plt -MT layer3/q931.lo -MD -MP -MF layer3/.deps/q931.Tpo -c layer3/q931.c -fPIC -DPIC -o layer3/.libs/q931.o In file included from /usr/include/string.h:494, from layer3/q931.c:22: In function ‘strncpy’, inlined from ‘mi_encode_redirecting_nr’ at layer3/q931.c:531:3: /usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ forming offset [25, 31] is out of the bounds [0, 24] of object ‘ie’ with type ‘unsigned char[24]’ [-Werror=array-bounds] return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks to Tobias Powalowski for reporting this This commit fixes issue #9 on github.
This commit is contained in:
parent
e5088699fb
commit
710b87dcb9
|
@ -1309,7 +1309,7 @@ static int do_setup(devinfo_t *di) {
|
||||||
|
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
char FileName[200],FileNameOut[200], FileNameIn[200];
|
char FileName[200],FileNameOut[208], FileNameIn[208];
|
||||||
int aidx=1,para=1, idx;
|
int aidx=1,para=1, idx;
|
||||||
char sw;
|
char sw;
|
||||||
devinfo_t mISDN;
|
devinfo_t mISDN;
|
||||||
|
@ -1373,7 +1373,7 @@ int main(int argc, char *argv[])
|
||||||
} else {
|
} else {
|
||||||
if (para==1) {
|
if (para==1) {
|
||||||
if (argc > 1)
|
if (argc > 1)
|
||||||
strncpy(FileName, argv[aidx], 199);
|
strncpy(FileName, argv[aidx], sizeof(FileName) - 1);
|
||||||
para++;
|
para++;
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr,"Undefined argument %s\n",argv[aidx]);
|
fprintf(stderr,"Undefined argument %s\n",argv[aidx]);
|
||||||
|
@ -1391,8 +1391,8 @@ int main(int argc, char *argv[])
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
close(err);
|
close(err);
|
||||||
sprintf(FileNameOut,"%s.out", FileName);
|
snprintf(FileNameOut, sizeof(FileNameOut) - 1, "%s.out", FileName);
|
||||||
sprintf(FileNameIn,"%s.in", FileName);
|
snprintf(FileNameIn, sizeof(FileNameIn) - 1, "%s.in", FileName);
|
||||||
if (0>(mISDN.save = open(FileNameIn, O_WRONLY|O_CREAT|O_TRUNC,S_IRWXU))) {
|
if (0>(mISDN.save = open(FileNameIn, O_WRONLY|O_CREAT|O_TRUNC,S_IRWXU))) {
|
||||||
printf("TestmISDN cannot open %s due to %s\n",FileNameIn,
|
printf("TestmISDN cannot open %s due to %s\n",FileNameIn,
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
|
|
|
@ -506,7 +506,7 @@ mi_encode_called_nr(struct l3_msg *l3m, char *nr, unsigned int type, unsigned in
|
||||||
int
|
int
|
||||||
mi_encode_redirecting_nr(struct l3_msg *l3m, char *nr, int pres, unsigned int type, unsigned int plan, int reason)
|
mi_encode_redirecting_nr(struct l3_msg *l3m, char *nr, int pres, unsigned int type, unsigned int plan, int reason)
|
||||||
{
|
{
|
||||||
unsigned char ie[24];
|
unsigned char ie[32];
|
||||||
int l;
|
int l;
|
||||||
|
|
||||||
if (nr == NULL || *nr == 0) /* not provided */
|
if (nr == NULL || *nr == 0) /* not provided */
|
||||||
|
@ -537,7 +537,7 @@ mi_encode_redirecting_nr(struct l3_msg *l3m, char *nr, int pres, unsigned int ty
|
||||||
int
|
int
|
||||||
mi_encode_redirection_nr(struct l3_msg *l3m, char *nr, int pres, unsigned int type, unsigned int plan)
|
mi_encode_redirection_nr(struct l3_msg *l3m, char *nr, int pres, unsigned int type, unsigned int plan)
|
||||||
{
|
{
|
||||||
unsigned char ie[24];
|
unsigned char ie[32];
|
||||||
int l;
|
int l;
|
||||||
|
|
||||||
if (nr == NULL || *nr == 0) /* not provided */
|
if (nr == NULL || *nr == 0) /* not provided */
|
||||||
|
|
|
@ -460,9 +460,9 @@ static int setLayer3(int, int);
|
||||||
if (defController == currentController)
|
if (defController == currentController)
|
||||||
fprintf(stderr, "dumpfile ignored for global section\n");
|
fprintf(stderr, "dumpfile ignored for global section\n");
|
||||||
else
|
else
|
||||||
strncpy(currentController->dumpfile, yytext, MAX_FILE_NAME);
|
strncpy(currentController->dumpfile, yytext, MAX_FILE_NAME - 1);
|
||||||
} else if (filetyp == 2) {
|
} else if (filetyp == 2) {
|
||||||
strncpy(currentController->logfile, yytext, MAX_FILE_NAME);
|
strncpy(currentController->logfile, yytext, MAX_FILE_NAME - 1);
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Got unhandled filetype %d with %s - abort\n", filetyp, yytext);
|
fprintf(stderr, "Got unhandled filetype %d with %s - abort\n", filetyp, yytext);
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -88,7 +88,7 @@ next_dev:
|
||||||
}
|
}
|
||||||
found_dev:
|
found_dev:
|
||||||
devname.id = i;
|
devname.id = i;
|
||||||
strncpy(devname.name, argv[2], MISDN_MAX_IDLEN);
|
strncpy(devname.name, argv[2], MISDN_MAX_IDLEN - 1);
|
||||||
ret = ioctl(sock, IMSETDEVNAME, &devname);
|
ret = ioctl(sock, IMSETDEVNAME, &devname);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
fprintf(stderr, "Cannot set device name for port %d: %s\n", i, strerror(errno));
|
fprintf(stderr, "Cannot set device name for port %d: %s\n", i, strerror(errno));
|
||||||
|
|
Loading…
Reference in New Issue