From dcfd984d8e09db9d5a7b4d121d914442966c254f Mon Sep 17 00:00:00 2001
From: David Oberhollenzer
Date: Sat, 25 Jan 2020 14:39:08 +0100
Subject: mtd-utils: Fix potentially unterminated strings
This commit fixes some uses of strncpy that could leave the destination buffer unterminated.
Signed-off-by: David Oberhollenzer
---
 lib/libubi.c | 3 ++-
 misc-utils/mtdpart.c | 4 +++-
 tests/checkfs/checkfs.c | 3 ++-
 tests/jittertest/JitterTest.c | 3 ++-
 4 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/lib/libubi.c b/lib/libubi.c
index afe3648..baaca2f 100644
--- a/lib/libubi.c
+++ b/lib/libubi.c
@@ -1008,7 +1008,8 @@ int ubi_mkvol(libubi_t desc, const char *node, struct ubi_mkvol_request *req)
 if (n > UBI_MAX_VOLUME_NAME) return -1;
- strncpy(r.name, req->name, UBI_MAX_VOLUME_NAME + 1);
+ strncpy(r.name, req->name, UBI_MAX_VOLUME_NAME);
+ r.name[UBI_MAX_VOLUME_NAME] = '\0';
 r.name_len = n;
 fd = open(node, O_RDONLY);
diff --git a/misc-utils/mtdpart.c b/misc-utils/mtdpart.c
index e480e1b..ba35d87 100644
--- a/misc-utils/mtdpart.c
+++ b/misc-utils/mtdpart.c
@@ -174,7 +174,9 @@ int main(int argc, char * const argv[])
 case COMMAND_ADD:
 part.start = start_addr;
 part.length = length;
- strncpy(part.devname, part_name, sizeof(part.devname));
+ strncpy(part.devname, part_name,
+ sizeof(part.devname) - 1);
+ part.devname[sizeof(part.devname) - 1] = '\0';
 arg.op = BLKPG_ADD_PARTITION;
 break;
 case COMMAND_DEL:
diff --git a/tests/checkfs/checkfs.c b/tests/checkfs/checkfs.c
index 3e34cc4..203ad5c 100644
--- a/tests/checkfs/checkfs.c
+++ b/tests/checkfs/checkfs.c
@@ -512,7 +512,8 @@ static void processCmdLine(int argc, char **argv)
 {
 if(strcmp(argv[cnt], CMDLINE_PORT) == 0) {
- strncpy(SerialDevice, argv[++cnt], sizeof(SerialDevice));
+ strncpy(SerialDevice, argv[++cnt], sizeof(SerialDevice) - 1);
+ SerialDevice[sizeof(SerialDevice) - 1] = '\0';
 continue;
 }else if(strcmp(argv[cnt], CMDLINE_MAXFILEBYTES) == 0)
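Review bot: In ubi_mkvol the new `r.name[UBI_MAX_VOLUME_NAME] = '\0';` is only in bounds if `r.name` is declared with `UBI_MAX_VOLUME_NAME + 1` bytes, which the old size argument suggests but the hunk does not show. Because `n > UBI_MAX_VOLUME_NAME` is rejected just above, the copy presumably never truncates (n is computed outside the hunk and looks like the length of `req->name`), so a comment such as `/* name length was checked above; this only guarantees termination */` would tell readers this is hardening rather than a behaviour change. The function body starts and ends outside the hunk.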
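Review bot: In the COMMAND_ADD case of misc-utils/mtdpart.c a `part_name` longer than `part.devname` is now cut off silently, so the partition would be registered under a different name than the one requested. Rejecting the input before the copy is safer than truncating it, for example `if (strlen(part_name) >= sizeof(part.devname)) { fprintf(stderr, "partition name too long\n"); return 1; }`, using whatever error helper main() already relies on. The same silent truncation applies to `SerialDevice` in tests/checkfs/checkfs.c and `LogFile` in tests/jittertest/JitterTest.c, where a shortened path would name a different device or log file than the one given. main() continues outside the hunk.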
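Review bot: `argv[++cnt]` in processCmdLine is handed to strncpy with no visible check that a value follows the `CMDLINE_PORT` option; if the option is the last argument, `argv[argc]` is NULL and the copy dereferences it. The loop bound is outside the hunk, so this needs confirming, and if nothing guards it a test such as `if (cnt + 1 >= argc)` that reports a usage error should come before the copy. The `++argNum; strncpy(LogFile, argv[argNum], ...)` sequence in HandleCmdLineArgs in tests/jittertest/JitterTest.c has the same shape and needs the same check unless the code above that hunk already performs it.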
diff --git a/tests/jittertest/JitterTest.c b/tests/jittertest/JitterTest.c
index 797035b..2bee0b0 100644
--- a/tests/jittertest/JitterTest.c
+++ b/tests/jittertest/JitterTest.c
@@ -859,7 +859,8 @@ void HandleCmdLineArgs(
 /* Set the file to log console log on. */
 ++argNum;
- strncpy(LogFile, argv[argNum], sizeof(LogFile));
+ strncpy(LogFile, argv[argNum], sizeof(LogFile) - 1);
+ LogFile[sizeof(LogFile) - 1] = '\0';
 } else if ((strcmp(argv[argNum],"--grab_kprofile") ==
-- cgit v1.2.3