[PATCH V2] selinux: Fix strncpy in libselinux and libsepol

* [PATCH V2] selinux: Fix strncpy in libselinux and libsepol
@ 2019-06-02  9:16 Richard Haines
  0 siblings, 0 replies; only message in thread
From: Richard Haines @ 2019-06-02  9:16 UTC (permalink / raw)
  To: selinux, bill.c.roberts, sds; +Cc: Richard Haines

When building with gcc9, get build errors such as:

genbools.c:24:2: error: ‘strncpy’ output may be truncated copying 8191
bytes from a string of length 8191 [-Werror=stringop-truncation]
   24 |  strncpy(dest, ptr, size);
      |  ^~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
V2 Change
Remove buffer resizing and just fix buffer lengths to match for strncpy.
To test booleans.c use security_load_booleans(3)
To test genbools.c generate a policy 'booleans' file and run semodule -B

 libselinux/src/booleans.c | 2 +-
 libsepol/src/genbools.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
index ab1e0754..e1079fb9 100644
--- a/libselinux/src/booleans.c
+++ b/libselinux/src/booleans.c
@@ -358,7 +358,7 @@ static int process_boolean(char *buffer, char *name, int namesize, int *val)
 		return -1;
 	}
 	strncpy(name1, tok, BUFSIZ - 1);
-	strtrim(name, name1, namesize - 1);
+	strtrim(name, name1, namesize);
 
 	tok = strtok_r(NULL, "\0", &ptr);
 	if (!tok) {
diff --git a/libsepol/src/genbools.c b/libsepol/src/genbools.c
index d4a2df62..c6595b80 100644
--- a/libsepol/src/genbools.c
+++ b/libsepol/src/genbools.c
@@ -49,7 +49,7 @@ static int process_boolean(char *buffer, char *name, int namesize, int *val)
 		return -1;
 	}
 	strncpy(name1, tok, BUFSIZ - 1);
-	strtrim(name, name1, namesize - 1);
+	strtrim(name, name1, namesize);
 
 	tok = strtok_r(NULL, "\0", &ptr);
 	if (!tok) {
-- 
2.21.0


^ permalink raw reply related	[flat|nested] only message in thread