In recent scans I noticed a few warnings appearing due to possible incorrect use strncpy and alike in libreswan code. These are probably not exploits immediately, because these strings seems to come after other checks. However, scans generate annoying warnings! If we avoid those may be Hugh's eyes hurt less!
"Discouraged or forbidden C functions" https://libreswan.org/wiki/Discouraged_or_forbidden_C_functions The new ones are coming in faster than Hugh (occasionally and I) can fix:) Here is an example fix of fix:) *** CID 1454237: Memory - illegal accesses (BUFFER_SIZE_WARNING) /lib/libswan/alg_info.c: 379 in parser_alg_info_add() 373 /* <ealg> missing */ 374 return err_buf; 375 } 376 end--; 377 } while (isdigit(*end)); 378 /* save for logging */ >>> CID 1454237: Memory - illegal accesses (BUFFER_SIZE_WARNING) >>> Calling strncpy with a maximum size argument of 20 bytes on >>> destination array "p_ctx->eklen_buf" of size 20 +bytes might leave the destination string unterminated. 379 strncpy(p_ctx->eklen_buf, end + 1, sizeof(p_ctx->eklen_buf)); 380 int enckeylen = parse_eklen(err_buf, err_buf_len, end + 1); 381 if (enckeylen <= 0) { 382 passert(err_buf[0] != '\0'); 383 return err_buf; 384 } _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
