Merge request https://gitlab.rtems.org/rtems/pkg/rtems-lwip/-/merge_requests/28 was reviewed by Gedare Bloom
-- Gedare Bloom started a new discussion on rtemslwip/common/network_compat.c: https://gitlab.rtems.org/rtems/pkg/rtems-lwip/-/merge_requests/28#note_129855 > + return -1; > + } > + strncpy(name, hostname, size); if `size > _POSIX_HOST_NAME_MAX` then this reads from `hostname` out-of-bounds. -- Gedare Bloom started a new discussion on rtemslwip/common/network_compat.c: https://gitlab.rtems.org/rtems/pkg/rtems-lwip/-/merge_requests/28#note_129856 > + } > + strncpy(name, hostname, size); > + if (size < strlen(hostname)+1) { `strlen` is unsafe here if `hostname` isn't null-terminated. -- Gedare Bloom started a new discussion on rtemslwip/common/network_compat.c: https://gitlab.rtems.org/rtems/pkg/rtems-lwip/-/merge_requests/28#note_129857 > + return -1; > + } > + strncpy(name, hostname, size); `if (size == strlen(hostname)` then `name` is not null-terminated by `strncpy`. -- Gedare Bloom started a new discussion on rtemslwip/common/network_compat.c: https://gitlab.rtems.org/rtems/pkg/rtems-lwip/-/merge_requests/28#note_129858 > +} > + > +static char hostname[_POSIX_HOST_NAME_MAX] = {0}; need `+1` if you want to store `hostname` as null-terminated. -- Gedare Bloom started a new discussion on rtemslwip/common/network_compat.c: https://gitlab.rtems.org/rtems/pkg/rtems-lwip/-/merge_requests/28#note_129859 > + return -1; > + } > + strncpy(hostname, name, size); this will not guarantee `hostname` is null-terminated. -- View it on GitLab: https://gitlab.rtems.org/rtems/pkg/rtems-lwip/-/merge_requests/28 You're receiving this email because of your account on gitlab.rtems.org.
_______________________________________________ bugs mailing list [email protected] http://lists.rtems.org/mailman/listinfo/bugs
