http://defect.opensolaris.org/bz/show_bug.cgi?id=11631
Summary: use of str functions in nwam_set_name() is broken
Classification: Development
Product: nwam
Version: unspecified
Platform: ANY/Generic
OS/Version: All
Status: NEW
Severity: normal
Priority: P4
Component: ON library
AssignedTo: nwam-dev at opensolaris.org
ReportedBy: michael.hunter at sun.com
QAContact: nwam-dev at opensolaris.org
--- Comment #0 from Michael Hunter <michael.hunter at sun.com> 2009-09-30
04:27:11 UTC ---
Annotated issues below:
>nwam_error_t
>nwam_set_name(struct nwam_handle *hp, const char *name)
>{
> assert(hp != NULL && name != NULL);
>
> if (strnlen(name, NWAM_MAX_NAME_LEN) > NWAM_MAX_NAME_LEN)
> return (NWAM_INVALID_ARG);
This can't happen as strnlen returns min(strlen(name), NWAM_MAX_NAME_LEN).
>
> /* If names are not the same, record original name for commit time. */
> if (strcmp(name, hp->nwh_name) != 0) {
> if (hp->nwh_name_orig[0] == '\0') {
> (void) strlcpy(hp->nwh_name_orig, hp->nwh_name,
> strlen(hp->nwh_name) + 1);
> }
> (void) strlcpy(hp->nwh_name, name, strlen(name) + 1);
The use strlcpy() make no sense. strlcpy() or strlen() are going to run off
the end of the second argument equally. OTOH if sizeof (hp->nwh_name_orig) is
passed then at least they will be checked against the static length of the
target array.
> }
> return (NWAM_SUCCESS);
>}
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
