Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 1 | From ae7178a78aba2e5766b70191617113487fd7ad0b Mon Sep 17 00:00:00 2001 |
| 2 | From: Khem Raj <raj.khem@gmail.com> |
| 3 | Date: Mon, 16 Apr 2018 18:29:17 -0700 |
| 4 | Subject: [PATCH] Fix string overflow in snprintf |
| 5 | |
| 6 | Fixes errors like |
| 7 | error: '%s' dir |
| 8 | ective output may be truncated writing up to 255 bytes into a region of size 32 [-Werror=forma |
| 9 | t-truncation=] |
| 10 | snprintf(reinterpret_cast<char *>(Healthy.key), sizeof(Healthy.key), "%s", |
| 11 | ^~~~ |
| 12 | hlth_str); |
| 13 | ~~~~~~~~ |
| 14 | |
| 15 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
| 16 | |
| 17 | --- |
| 18 | src/log/logd/lgs_util.cc | 4 ++-- |
| 19 | src/rde/rded/rde_amf.cc | 2 +- |
| 20 | src/smf/smfd/SmfUpgradeCampaign.cc | 4 ++-- |
| 21 | 3 files changed, 5 insertions(+), 5 deletions(-) |
| 22 | |
| 23 | diff --git a/src/log/logd/lgs_util.cc b/src/log/logd/lgs_util.cc |
| 24 | index ac93d5a..cce80f3 100644 |
| 25 | --- a/src/log/logd/lgs_util.cc |
| 26 | +++ b/src/log/logd/lgs_util.cc |
| 27 | @@ -200,12 +200,12 @@ char *lgs_get_time(time_t *time_in) { |
| 28 | |
| 29 | stringSize = 5 * sizeof(char); |
| 30 | snprintf(srcString, (size_t)stringSize, "%d", |
| 31 | - (timeStampData->tm_year + START_YEAR)); |
| 32 | + (timeStampData->tm_year + START_YEAR) & 0x4dU); |
| 33 | |
| 34 | strncpy(timeStampString, srcString, stringSize); |
| 35 | |
| 36 | stringSize = 3 * sizeof(char); |
| 37 | - snprintf(srcString, (size_t)stringSize, "%02d", (timeStampData->tm_mon + 1)); |
| 38 | + snprintf(srcString, (size_t)stringSize, "%02d", (timeStampData->tm_mon + 1) & 0x2dU); |
| 39 | |
| 40 | strncat(timeStampString, srcString, stringSize); |
| 41 | |
| 42 | diff --git a/src/rde/rded/rde_amf.cc b/src/rde/rded/rde_amf.cc |
| 43 | index 81e521e..d53cc48 100644 |
| 44 | --- a/src/rde/rded/rde_amf.cc |
| 45 | +++ b/src/rde/rded/rde_amf.cc |
| 46 | @@ -102,7 +102,7 @@ static uint32_t rde_amf_healthcheck_start(RDE_AMF_CB *rde_amf_cb) { |
| 47 | SaAmfHealthcheckKeyT Healthy; |
| 48 | SaNameT SaCompName; |
| 49 | char *phlth_ptr; |
| 50 | - char hlth_str[256]; |
| 51 | + char hlth_str[32]; |
| 52 | |
| 53 | TRACE_ENTER(); |
| 54 | |
| 55 | diff --git a/src/smf/smfd/SmfUpgradeCampaign.cc b/src/smf/smfd/SmfUpgradeCampaign.cc |
| 56 | index 45cdce8..6761bcf 100644 |
| 57 | --- a/src/smf/smfd/SmfUpgradeCampaign.cc |
| 58 | +++ b/src/smf/smfd/SmfUpgradeCampaign.cc |
| 59 | @@ -447,7 +447,7 @@ SaAisErrorT SmfUpgradeCampaign::tooManyRestarts(bool *o_result) { |
| 60 | TRACE_ENTER(); |
| 61 | SaAisErrorT rc = SA_AIS_OK; |
| 62 | SaImmAttrValuesT_2 **attributes; |
| 63 | - int curCnt = 0; |
| 64 | + short int curCnt = 0; |
| 65 | |
| 66 | /* Read the SmfCampRestartInfo object smfCampRestartCnt attr */ |
| 67 | std::string obj = "smfRestartInfo=info," + |
| 68 | @@ -473,7 +473,7 @@ SaAisErrorT SmfUpgradeCampaign::tooManyRestarts(bool *o_result) { |
| 69 | attrsmfCampRestartCnt.setName("smfCampRestartCnt"); |
| 70 | attrsmfCampRestartCnt.setType("SA_IMM_ATTR_SAUINT32T"); |
| 71 | char buf[5]; |
| 72 | - snprintf(buf, 4, "%d", curCnt); |
| 73 | + snprintf(buf, 4, "%hd", curCnt); |
| 74 | attrsmfCampRestartCnt.addValue(buf); |
| 75 | imoCampRestartInfo.addValue(attrsmfCampRestartCnt); |
| 76 | |