From: Laurent Vivier <laurent@vivier.eu>
To: qemu-devel@nongnu.org
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
	"Fabien Chouteau" <chouteau@adacore.com>,
	"Viktor Prutyanov" <viktor.prutyanov@phystech.edu>,
	"Richard Henderson" <rth@twiddle.net>,
	"Thomas Huth" <thuth@redhat.com>,
	"Artyom Tarasenko" <atar4qemu@gmail.com>,
	"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
	"Laurent Vivier" <laurent@vivier.eu>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	"Andreas Färber" <afaerber@suse.de>,
	"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
	"Aurelien Jarno" <aurelien@aurel32.net>,
	"Jason Wang" <jasowang@redhat.com>,
	qemu-trivial@nongnu.org, "Laurent Vivier" <lvivier@redhat.com>,
	"Michael Tokarev" <mjt@tls.msk.ru>,
	"Peter Maydell" <peter.maydell@linaro.org>,
	"Daniel P. Berrangé" <berrange@redhat.com>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Michael Roth" <mdroth@linux.vnet.ibm.com>,
	"Eric Blake" <eblake@redhat.com>,
	"Stefano Garzarella" <sgarzare@redhat.com>
Subject: [Qemu-devel] [PULL 13/13] sockets: avoid string truncation warnings when copying UNIX path
Date: Thu,  2 May 2019 20:58:35 +0200	[thread overview]
Message-ID: <20190502185835.15185-14-laurent@vivier.eu> (raw)
In-Reply-To: <20190502185835.15185-1-laurent@vivier.eu>

From: Daniel P. Berrangé <berrange@redhat.com>

In file included from /usr/include/string.h:494,
                 from include/qemu/osdep.h:101,
                 from util/qemu-sockets.c:18:
In function ‘strncpy’,
    inlined from ‘unix_connect_saddr.isra.0’ at util/qemu-sockets.c:925:5:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
    inlined from ‘unix_listen_saddr.isra.0’ at util/qemu-sockets.c:880:5:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We are already validating the UNIX socket path length earlier in
the functions. If we save this string length when we first check
it, then we can simply use memcpy instead of strcpy later, avoiding
the gcc truncation warnings.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20190501145052.12579-1-berrange@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 util/qemu-sockets.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 970505169000..ba6335e71a95 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -830,6 +830,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
     int sock, fd;
     char *pathbuf = NULL;
     const char *path;
+    size_t pathlen;
 
     sock = qemu_socket(PF_UNIX, SOCK_STREAM, 0);
     if (sock < 0) {
@@ -845,7 +846,8 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
         path = pathbuf = g_strdup_printf("%s/qemu-socket-XXXXXX", tmpdir);
     }
 
-    if (strlen(path) > sizeof(un.sun_path)) {
+    pathlen = strlen(path);
+    if (pathlen > sizeof(un.sun_path)) {
         error_setg(errp, "UNIX socket path '%s' is too long", path);
         error_append_hint(errp, "Path must be less than %zu bytes\n",
                           sizeof(un.sun_path));
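Review bot: The check `if (pathlen > sizeof(un.sun_path))` accepts a path of exactly `sizeof(un.sun_path)` bytes, while the hint printed right below it says the path "must be less than" that size. In that boundary case the later `memcpy` fills `sun_path` completely and leaves no NUL terminator; `strncpy` did the same, so behaviour is unchanged, but the hunk does not show whether every supported host accepts an unterminated `sun_path`. If the full-length case is intended, a comment such as `/* a path of exactly sizeof(un.sun_path) bytes is allowed; sun_path is then not NUL-terminated */` would document it; if not, `if (pathlen >= sizeof(un.sun_path)) {` would make the check agree with the hint. The same applies to the identical check in unix_connect_saddr; both function bodies continue outside the hunks.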
@@ -877,7 +879,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
 
     memset(&un, 0, sizeof(un));
     un.sun_family = AF_UNIX;
-    strncpy(un.sun_path, path, sizeof(un.sun_path));
+    memcpy(un.sun_path, path, pathlen);
 
     if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) {
         error_setg_errno(errp, errno, "Failed to bind socket to %s", path);
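Review bot: The new `memcpy(un.sun_path, path, pathlen)` has no bound of its own. It is safe only because `pathlen` was compared with `sizeof(un.sun_path)` earlier in the function, and because `path` still has that length when the copy runs. The lines between the check and the copy are outside this hunk, so any code there that rewrites the string in place (presumably the `XXXXXX` template is filled in) has to preserve its length. Keeping the invariant next to the copy would help future edits, for example `assert(pathlen <= sizeof(un.sun_path));` before the `memcpy`, or a comment `/* pathlen was validated against sizeof(un.sun_path) above */`. The same applies to the `memcpy` in unix_connect_saddr.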
@@ -901,6 +903,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
 {
     struct sockaddr_un un;
     int sock, rc;
+    size_t pathlen;
 
     if (saddr->path == NULL) {
         error_setg(errp, "unix connect: no path specified");
@@ -913,7 +916,8 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
         return -1;
     }
 
-    if (strlen(saddr->path) > sizeof(un.sun_path)) {
+    pathlen = strlen(saddr->path);
+    if (pathlen > sizeof(un.sun_path)) {
         error_setg(errp, "UNIX socket path '%s' is too long", saddr->path);
         error_append_hint(errp, "Path must be less than %zu bytes\n",
                           sizeof(un.sun_path));
@@ -922,7 +926,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
 
     memset(&un, 0, sizeof(un));
     un.sun_family = AF_UNIX;
-    strncpy(un.sun_path, saddr->path, sizeof(un.sun_path));
+    memcpy(un.sun_path, saddr->path, pathlen);
 
     /* connect to peer */
     do {
-- 
2.20.1

WARNING: multiple messages have this Message-ID (diff)
From: Laurent Vivier <laurent@vivier.eu>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Jason Wang" <jasowang@redhat.com>,
	"Michael Tokarev" <mjt@tls.msk.ru>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	qemu-trivial@nongnu.org,
	"Michael Roth" <mdroth@linux.vnet.ibm.com>,
	"Artyom Tarasenko" <atar4qemu@gmail.com>,
	"Stefano Garzarella" <sgarzare@redhat.com>,
	"Laurent Vivier" <lvivier@redhat.com>,
	"Thomas Huth" <thuth@redhat.com>,
	"Eduardo Habkost" <ehabkost@redhat.com>,
	"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
	"Fabien Chouteau" <chouteau@adacore.com>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"Richard Henderson" <rth@twiddle.net>,
	"Viktor Prutyanov" <viktor.prutyanov@phystech.edu>,
	"Laurent Vivier" <laurent@vivier.eu>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Andreas Färber" <afaerber@suse.de>,
	"Aurelien Jarno" <aurelien@aurel32.net>
Subject: [Qemu-devel] [PULL 13/13] sockets: avoid string truncation warnings when copying UNIX path
Date: Thu,  2 May 2019 20:58:35 +0200	[thread overview]
Message-ID: <20190502185835.15185-14-laurent@vivier.eu> (raw)
Message-ID: <20190502185835.ySHE5h2C88XeXW3MaqelOh4SQcIpH5qyjUJDn75zDhg@z> (raw)
In-Reply-To: <20190502185835.15185-1-laurent@vivier.eu>

From: Daniel P. Berrangé <berrange@redhat.com>

In file included from /usr/include/string.h:494,
                 from include/qemu/osdep.h:101,
                 from util/qemu-sockets.c:18:
In function ‘strncpy’,
    inlined from ‘unix_connect_saddr.isra.0’ at util/qemu-sockets.c:925:5:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
    inlined from ‘unix_listen_saddr.isra.0’ at util/qemu-sockets.c:880:5:
/usr/include/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We are already validating the UNIX socket path length earlier in
the functions. If we save this string length when we first check
it, then we can simply use memcpy instead of strcpy later, avoiding
the gcc truncation warnings.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20190501145052.12579-1-berrange@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 util/qemu-sockets.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 970505169000..ba6335e71a95 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -830,6 +830,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
     int sock, fd;
     char *pathbuf = NULL;
     const char *path;
+    size_t pathlen;
 
     sock = qemu_socket(PF_UNIX, SOCK_STREAM, 0);
     if (sock < 0) {
@@ -845,7 +846,8 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
         path = pathbuf = g_strdup_printf("%s/qemu-socket-XXXXXX", tmpdir);
     }
 
-    if (strlen(path) > sizeof(un.sun_path)) {
+    pathlen = strlen(path);
+    if (pathlen > sizeof(un.sun_path)) {
         error_setg(errp, "UNIX socket path '%s' is too long", path);
         error_append_hint(errp, "Path must be less than %zu bytes\n",
                           sizeof(un.sun_path));
@@ -877,7 +879,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
 
     memset(&un, 0, sizeof(un));
     un.sun_family = AF_UNIX;
-    strncpy(un.sun_path, path, sizeof(un.sun_path));
+    memcpy(un.sun_path, path, pathlen);
 
     if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) {
         error_setg_errno(errp, errno, "Failed to bind socket to %s", path);
@@ -901,6 +903,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
 {
     struct sockaddr_un un;
     int sock, rc;
+    size_t pathlen;
 
     if (saddr->path == NULL) {
         error_setg(errp, "unix connect: no path specified");
@@ -913,7 +916,8 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
         return -1;
     }
 
-    if (strlen(saddr->path) > sizeof(un.sun_path)) {
+    pathlen = strlen(saddr->path);
+    if (pathlen > sizeof(un.sun_path)) {
         error_setg(errp, "UNIX socket path '%s' is too long", saddr->path);
         error_append_hint(errp, "Path must be less than %zu bytes\n",
                           sizeof(un.sun_path));
@@ -922,7 +926,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
 
     memset(&un, 0, sizeof(un));
     un.sun_family = AF_UNIX;
-    strncpy(un.sun_path, saddr->path, sizeof(un.sun_path));
+    memcpy(un.sun_path, saddr->path, pathlen);
 
     /* connect to peer */
     do {
-- 
2.20.1


