URL: <https://savannah.gnu.org/bugs/?66296>
Summary: rshd.c string overflow warning
Group: GNU Networking Utilities
Submitter: themusicgod1
Submitted: Sat 05 Oct 2024 10:48:53 AM CDT
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Sat 05 Oct 2024 10:48:53 AM CDT By: Jeffrey Cliff <themusicgod1>
inetutils: 2.5
gcc: (GCC) 15.0.0 20240509 (experimental)
rshd.c:1923:3: warning: 'strncat' specified bound 13 equals source length
[-Wstringop-overflow=]
1923 | strncat (path, PATH_DEFPATH, sizeof (path) - sizeof ("PATH=") - 1);
if i'm reading this right, increasing the size of the "path" string by one
should should fix this:
--- inetutils-2.5/src/rshd.c 2023-12-29 11:34:46.000000000 -0600
+++ inetutils-2.5-works/src/rshd.c 2024-10-05 09:47:18.126254725 -0600
@@ -411,7 +411,7 @@
char logname[32 + sizeof ("LOGNAME=")] = "LOGNAME=";
char homedir[256 + sizeof ("HOME=")] = "HOME=";
char shell[64 + sizeof ("SHELL=")] = "SHELL=";
-char path[sizeof (PATH_DEFPATH) + sizeof ("PATH=")] = "PATH=";
+char path[sizeof (PATH_DEFPATH) + sizeof ("PATH=")+1] = "PATH=";
char rhost[128 + sizeof ("RHOST=")] = "RHOST=";
#ifndef WITH_PAM
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66296>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
