The following commit has been merged in the master branch:
commit 00b31c7bae017cbda9d9cf9b7d61299f882d9f12
Author: Cheyenne Wills <[email protected]>
Date: Thu Sep 12 10:05:55 2024 -0600
uss: Replace strcat with safer method
The grammar.y file uses a series of strcat's to build the accesslist
from the parsed tokens. There is no checking to see if the result
exceeds the size of the output buffer.
Replace the strcpy/strcat's with a simple snprintf that concatenates
the tokens, and check to see if the snprintf failed.
If there was an error concatenating the tokens, emit a message.
NOTE: With --enable-checking a build error occurs on an Ubuntu 24.04
system, where the default _FORTIFY_SOURCE is set to 3 (hardened). The
build produces the following:
...
inlined from ‘yyparse’ at ./grammar.y:130:26:
/usr/include/.../string_fortified.h:130:10: error:
‘__builtin___strcat_chk’ writing 2 bytes into a region of size 0 overflows the
destination [-Werror=stringop-overflow=]
130 | return __builtin___strcat_chk (__dest, __src, __glibc_objsize
(__dest));
...(repeated for the other uses of strcat)...
The build error can be duplicated by setting _FORTIFY_SOURCE to 3.
Change-Id: I97e8a562f12d2a9f60a31d3b5a6f77a8458e7275
Reviewed-on: https://gerrit.openafs.org/15845
Tested-by: BuildBot <[email protected]>
Reviewed-by: Cheyenne Wills <[email protected]>
Reviewed-by: Michael Meffie <[email protected]>
Reviewed-by: Andrew Deason <[email protected]>
src/uss/grammar.y | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
