[ibsim,17/23] umad2sim.c: Fix a few potential buffer overflow issues

Commit Message

Honggang LI Jan. 2, 2019, 1:13 p.m. UTC

Issue was detected by Coveiry.
----
Error: CLANG_WARNING: [#def21]
ibsim-0.7/umad2sim/umad2sim.c:374:26: warning: Potential buffer overflow. Replace with 'sizeof(path) - strlen(path) - 1' or use a safer 'strlcat' API
//        strncat(path, "/pkeys", sizeof(path) - 1);
//                                ^~~~~~~~~~~~~~~~
ibsim-0.7/umad2sim/umad2sim.c:374:26: note: Potential buffer overflow. Replace with 'sizeof(path) - strlen(path) - 1' or use a safer 'strlcat' API
//        strncat(path, "/pkeys", sizeof(path) - 1);
//                                ^~~~~~~~~~~~~~~~
//  372|   	/* /sys/class/infiniband/mthca0/ports/1/pkeys/0 */
//  373|   	str = path + strlen(path);
//  374|-> 	strncat(path, "/pkeys", sizeof(path) - 1);
//  375|   	make_path(path);
//  376|   	for (i = 0; i < sizeof(sc->pkeys)/sizeof(sc->pkeys[0]); i++) {
----

Signed-off-by: Honggang Li <honli@redhat.com>
---
 umad2sim/umad2sim.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

Hal Rosenstock Jan. 8, 2019, 2 p.m. UTC | #1

On 1/2/2019 8:13 AM, Honggang Li wrote:
> Issue was detected by Coveiry.
> ----
> Error: CLANG_WARNING: [#def21]
> ibsim-0.7/umad2sim/umad2sim.c:374:26: warning: Potential buffer overflow. Replace with 'sizeof(path) - strlen(path) - 1' or use a safer 'strlcat' API
> //        strncat(path, "/pkeys", sizeof(path) - 1);
> //                                ^~~~~~~~~~~~~~~~
> ibsim-0.7/umad2sim/umad2sim.c:374:26: note: Potential buffer overflow. Replace with 'sizeof(path) - strlen(path) - 1' or use a safer 'strlcat' API
> //        strncat(path, "/pkeys", sizeof(path) - 1);
> //                                ^~~~~~~~~~~~~~~~
> //  372|   	/* /sys/class/infiniband/mthca0/ports/1/pkeys/0 */
> //  373|   	str = path + strlen(path);
> //  374|-> 	strncat(path, "/pkeys", sizeof(path) - 1);
> //  375|   	make_path(path);
> //  376|   	for (i = 0; i < sizeof(sc->pkeys)/sizeof(sc->pkeys[0]); i++) {
> ----
> 
> Signed-off-by: Honggang Li <honli@redhat.com>

Thanks. Applied.

-- Hal

Patch

diff --git a/umad2sim/umad2sim.c b/umad2sim/umad2sim.c
index 80e7b8166638..c1bd8dc9d8b0 100644
--- a/umad2sim/umad2sim.c
+++ b/umad2sim/umad2sim.c
@@ -165,8 +165,8 @@  static int file_printf(char *path, char *name, const char *fmt, ...)
 	int ret;
 
 	convert_sysfs_path(file_name, sizeof(file_name), path);
-	strncat(file_name, "/", sizeof(file_name) - 1);
-	strncat(file_name, name, sizeof(file_name) - 1);
+	strncat(file_name, "/", sizeof(file_name) - strlen(file_name) - 1);
+	strncat(file_name, name, sizeof(file_name) - strlen(file_name) - 1);
 	unlink(file_name);
 	f = fopen(file_name, "w");
 	if (!f) {
@@ -239,7 +239,7 @@  static int dev_sysfs_create(struct umad2sim_dev *dev)
 		    (uint16_t) ((guid >> 0) & 0xffff));
 
 	/* /sys/class/infiniband/mthca0/ports/ */
-	strncat(path, "/ports", sizeof(path) - 1);
+	strncat(path, "/ports", sizeof(path) - strlen(path) - 1);
 	make_path(path);
 
 	portinfo = sc->portinfo;
@@ -351,7 +351,7 @@  static int dev_sysfs_create(struct umad2sim_dev *dev)
 
 	/* /sys/class/infiniband/mthca0/ports/1/gids/0 */
 	str = path + strlen(path);
-	strncat(path, "/gids", sizeof(path) - 1);
+	strncat(path, "/gids", sizeof(path) - strlen(path) - 1);
 	make_path(path);
 	*str = '\0';
 	gid = mad_get_field64(portinfo, 0, IB_PORT_GID_PREFIX_F);
@@ -370,7 +370,7 @@  static int dev_sysfs_create(struct umad2sim_dev *dev)
 
 	/* /sys/class/infiniband/mthca0/ports/1/pkeys/0 */
 	str = path + strlen(path);
-	strncat(path, "/pkeys", sizeof(path) - 1);
+	strncat(path, "/pkeys", sizeof(path) - strlen(path) - 1);
 	make_path(path);
 	for (i = 0; i < sizeof(sc->pkeys)/sizeof(sc->pkeys[0]); i++) {
 		char name[8];