Date: Sat, 5 Sep 2009 22:50:05 GMT
From: Dmytro Gorbunov <dmitro.gorbunov@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/138560: Incorrect usage of strncpy function
Message-ID: <200909052250.n85Mo5tI070253@www.freebsd.org>
Resent-Message-ID: <200909052300.n85N0DTO049470@freefall.freebsd.org>
>Number: 138560
>Category: bin
>Synopsis: Incorrect usage of strncpy function
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 05 23:00:12 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Dmytro Gorbunov
>Release: 7.2
>Organization:
Savesources.com
>Environment:
>Description:
Dear sir/madam,
I've found a few issues in FreeBSD's sources related to incorrect usage of the strncpy function.
For example:
./sbin/ifconfig/ifieee80211.c:
2414 static void
2415 list_capabilities(int s)
2416 {
2417 struct ieee80211req ireq;
2418 u_int32_t caps;
2419
2420 (void) memset(&ireq, 0, sizeof(ireq));
2421 (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name));
So, ireq.i_name can become non-zero-terminated.
The correct line in this case is
2421 (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name)-1);
There are a lot of such problems in the code; the next example is the following:
./contrib/wpa_supplicant/preauth_test.c
278 os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
279 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname, NULL);
280
281 l2 = l2_packet_init(wpa_s->ifname, NULL, ETH_P_RSN_PREAUTH, NULL,
The correct variant is
278 os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname) - 1);
279 wpa_s->ifname[sizeof(wpa_s->ifname) - 1] = '\0';
These issues were found in the scope of my project for preventing issues in software written in C/C++: http://savesources.com
Please contact me if you have any ideas/suggestions/questions.
Best regards,
Dmytro Gorbunov
Leader of savesources.com
>How-To-Repeat:
Please look at the description
>Fix:
It is also mentioned in the description.
>Release-Note:
>Audit-Trail:
>Unformatted:
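
The following is an added example, not part of the original report or of FreeBSD's sources. It reproduces the strncpy pattern the report flags and the report's fix side by side, and adds a stricter variant that rejects over-long names; struct req, NAMESZ and the function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

#define NAMESZ 16   /* assumed field size (IFNAMSIZ is 16 on FreeBSD) */

/* Hypothetical stand-in for a request struct with a fixed-size name field. */
struct req { char name[NAMESZ]; };

/* 1 if the field holds a NUL somewhere inside its own bounds, else 0. */
static int terminated(const struct req *r)
{
    return memchr(r->name, '\0', sizeof(r->name)) != NULL;
}

/* Pattern flagged in the report: bound == sizeof(dst). */
int copy_full_size(struct req *r, const char *src)
{
    memset(r, 0, sizeof(*r));
    strncpy(r->name, src, sizeof(r->name));
    return terminated(r);
}

/* Fix from the report: bound == sizeof(dst) - 1, then force the terminator. */
int copy_size_minus_one(struct req *r, const char *src)
{
    strncpy(r->name, src, sizeof(r->name) - 1);
    r->name[sizeof(r->name) - 1] = '\0';
    return terminated(r);
}

/* Stricter variant (assumption, not in the report): reject, do not truncate. */
int copy_checked(struct req *r, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof(r->name))
        return -1;              /* name does not fit; caller must handle it */
    memcpy(r->name, src, n + 1);
    return 0;
}

int main(void)
{
    struct req r;
    const char *exact = "0123456789abcdef";   /* constructed: exactly 16 chars */
    printf("full size, 16 chars : terminated=%d\n", copy_full_size(&r, exact));
    printf("size - 1,  16 chars : terminated=%d name=%s\n",
           copy_size_minus_one(&r, exact), r.name);
    printf("checked,   16 chars : rc=%d\n", copy_checked(&r, exact));
    printf("checked,   wlan0    : rc=%d\n", copy_checked(&r, "wlan0"));
    return 0;
}
```

With a source of exactly NAMESZ characters, the full-size copy leaves no terminator even though the struct was zeroed first, while the size - 1 form keeps only the first 15 characters.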
