[PATCH] cpukit/libpci: fix potential buffer overflow in pci_cfg_print_code.c
Joel Sherrill
joel at rtems.org
Wed May 26 20:45:10 UTC 2021
On Wed, May 26, 2021 at 1:58 PM Harrison Edward Gerber <gerberhe11 at gmail.com>
wrote:
> See also CID 1399721
> Closes #4442
>
Blank line between these.
But otherwise I think this looks good.
Gedare... this looks like a good paper on this family of methods for
advice on safe programming:
https://www.sudo.ws/todd/papers/strlcpy.html
Should we put a discussion of this type of issue in the Coding Style
and reference it?
> ---
> cpukit/libpci/pci_cfg_print_code.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/cpukit/libpci/pci_cfg_print_code.c
> b/cpukit/libpci/pci_cfg_print_code.c
> index e758fa661a..e0979db74a 100644
> --- a/cpukit/libpci/pci_cfg_print_code.c
> +++ b/cpukit/libpci/pci_cfg_print_code.c
> @@ -65,8 +65,8 @@ static void pci_cfg_print_device(struct pci_dev *dev,
> char *prefix)
> char name[32];
> char buf[8];
> printf("%s.resources = {\n", prefix);
> - strcpy(buf, prefix);
> - strcat(buf, "\t");
> + strlcpy(buf, prefix, sizeof(buf));
> + strlcat(buf, "\t", sizeof(buf));
> pci_cfg_print_resources(dev->resources, buf);
> printf("%s},\n", prefix);
> if (dev->next == NULL) {
> --
> 2.25.1
>
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20210526/5afff367/attachment.html>
More information about the devel
mailing list