* [PATCH V2] selinux: Fix strncpy in libselinux and libsepol
@ 2019-06-02 9:16 Richard Haines
0 siblings, 0 replies; only message in thread
From: Richard Haines @ 2019-06-02 9:16 UTC (permalink / raw)
To: selinux, bill.c.roberts, sds; +Cc: Richard Haines
When building with gcc9, get build errors such as:
genbools.c:24:2: error: ‘strncpy’ output may be truncated copying 8191
bytes from a string of length 8191 [-Werror=stringop-truncation]
24 | strncpy(dest, ptr, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
V2 Change
Remove buffer resizing and just fix buffer lengths to match for strncpy.
To test booleans.c use security_load_booleans(3)
To test genbools.c generate a policy 'booleans' file and run semodule -B
libselinux/src/booleans.c | 2 +-
libsepol/src/genbools.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
index ab1e0754..e1079fb9 100644
--- a/libselinux/src/booleans.c
+++ b/libselinux/src/booleans.c
@@ -358,7 +358,7 @@ static int process_boolean(char *buffer, char *name, int namesize, int *val)
return -1;
}
strncpy(name1, tok, BUFSIZ - 1);
- strtrim(name, name1, namesize - 1);
+ strtrim(name, name1, namesize);
tok = strtok_r(NULL, "\0", &ptr);
if (!tok) {
diff --git a/libsepol/src/genbools.c b/libsepol/src/genbools.c
index d4a2df62..c6595b80 100644
--- a/libsepol/src/genbools.c
+++ b/libsepol/src/genbools.c
@@ -49,7 +49,7 @@ static int process_boolean(char *buffer, char *name, int namesize, int *val)
return -1;
}
strncpy(name1, tok, BUFSIZ - 1);
- strtrim(name, name1, namesize - 1);
+ strtrim(name, name1, namesize);
tok = strtok_r(NULL, "\0", &ptr);
if (!tok) {
--
2.21.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-06-02 10:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-02 9:16 [PATCH V2] selinux: Fix strncpy in libselinux and libsepol Richard Haines
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).