The strncpy() function doesn't null terminate the destination string if
the source string is at least as long as the destination. (This behavior
is defined by the C99 specification.) As a result, the destination
string must be null terminated after calling strncpy().
And clang11 static analyzer thus reports following:
genl_family.c:148:2: error: ‘strncpy’ output may be truncated copying 15 bytes
from a string of length 15 [-Werror=stringop-truncation]
148 | strncpy(grp->name, name, GENL_NAMSIZ - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc: Felix Fietkau <[email protected]>
References: https://gitlab.com/openwrt/project/libnl-tiny/-/jobs/2495301251#L197
Signed-off-by: Petr Štetiar <[email protected]>
---
genl_family.c | 1 +
include/netlink/genl/family.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/genl_family.c b/genl_family.c
index 221acfa1a7ff..a0d83dc20ce8 100644
--- a/genl_family.c
+++ b/genl_family.c
@@ -146,6 +146,7 @@ int genl_family_add_grp(struct genl_family *family,
uint32_t id,
grp->id = id;
strncpy(grp->name, name, GENL_NAMSIZ - 1);
+ grp->name[GENL_NAMSIZ - 1] = '\0';
nl_list_add_tail(&grp->list, &family->gf_mc_grps);
diff --git a/include/netlink/genl/family.h b/include/netlink/genl/family.h
index 8a1a38ba25d5..ca71181e89f3 100644
--- a/include/netlink/genl/family.h
+++ b/include/netlink/genl/family.h
@@ -82,6 +82,7 @@ static inline char *genl_family_get_name(struct genl_family
*family)
static inline void genl_family_set_name(struct genl_family *family, const char
*name)
{
strncpy(family->gf_name, name, GENL_NAMSIZ-1);
+ family->gf_name[GENL_NAMSIZ - 1] = '\0';
family->ce_mask |= FAMILY_ATTR_NAME;
}
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
