Hi,

I did a static analysis of linuxPTP. Among them, the violation alarm that
occurred for the clock.c source code was analyzed and corrected from the
viewpoint of security.

I have questions about some of them, so I am sending this email.

1. In the text->length=c->desc.userDescription.length part of clock.c line
368, the length declared in the static_ptp_text structure is of type signed
int and the length declared in the text structure is unsigned int. Why did
you write the code like this? Assigning signed integers to unsigned
integers can lead to overflow problems.

2. The memcpy function is vulnerable to security. Wouldn't it be correct to
use memcpy_s instead of memcpy function?


Thanks.
_______________________________________________
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
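
Added example, not part of the original mail and not linuxptp's own code: a range check placed before the signed-to-unsigned length assignment and the memcpy that the mail asks about. The struct names, field layout and the MAX_TEXT capacity are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define MAX_TEXT 255 /* assumed buffer capacity, not taken from linuxptp */

/* Hypothetical stand-in for the structure with the signed length. */
struct src_text {
    int length;
    char text[MAX_TEXT];
};

/* Hypothetical stand-in for the structure with the unsigned length. */
struct dst_text {
    unsigned int length;
    char text[MAX_TEXT];
};

/* What an unchecked assignment yields: a negative int wraps to a huge value. */
unsigned int unchecked_length(const struct src_text *src)
{
    return (unsigned int)src->length;
}

/* Validate the signed length against both buffers, then convert and copy.
 * Returns 0 on success, -1 if the length is negative or too large;
 * dst is left untouched on failure. */
int copy_text_checked(struct dst_text *dst, const struct src_text *src)
{
    if (src->length < 0)
        return -1;
    if ((size_t)src->length > sizeof(src->text) ||
        (size_t)src->length > sizeof(dst->text))
        return -1;
    dst->length = (unsigned int)src->length;
    memcpy(dst->text, src->text, dst->length);
    return 0;
}

int main(void)
{
    struct src_text bad = { -1, "constructed sample" }; /* constructed input */
    struct dst_text out = { 0, "" };

    printf("unchecked length: %u\n", unchecked_length(&bad));
    printf("checked copy returns: %d\n", copy_text_checked(&out, &bad));
    return 0;
}
```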
