From nobody Fri May 3 10:31:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1531825828080321.61210400554205; Tue, 17 Jul 2018 04:10:28 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 713BCC057F87; Tue, 17 Jul 2018 11:10:26 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2FD7D5C20D; Tue, 17 Jul 2018 11:10:26 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C3F2A3F64F; Tue, 17 Jul 2018 11:10:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w6HBA359029103 for ; Tue, 17 Jul 2018 07:10:03 -0400 Received: by smtp.corp.redhat.com (Postfix) id 97F517C33; Tue, 17 Jul 2018 11:10:03 +0000 (UTC) Received: from inaba.usersys.redhat.com (unknown [10.43.2.44]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 38A0A7C57 for ; Tue, 17 Jul 2018 11:10:03 +0000 (UTC) From: Andrea Bolognani To: libvir-list@redhat.com Date: Tue, 17 Jul 2018 13:09:55 +0200 Message-Id: <20180717110957.12036-2-abologna@redhat.com> In-Reply-To: <20180717110957.12036-1-abologna@redhat.com> References: <20180717110957.12036-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/3] src: Use virStrcpyStatic() to avoid truncation X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Tue, 17 Jul 2018 11:10:27 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The way virStrncpy() is called here will never result in buffer overflow, but it won't prevent or detect truncation either, despite what the error message might suggest. Use virStrcpyStatic(), which does all of the above, instead. Signed-off-by: Andrea Bolognani --- src/esx/esx_driver.c | 4 +--- src/hyperv/hyperv_driver.c | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c index 947b7c1a31..edd21b9d28 100644 --- a/src/esx/esx_driver.c +++ b/src/esx/esx_driver.c @@ -1317,9 +1317,7 @@ esxNodeGetInfo(virConnectPtr conn, virNodeInfoPtr nod= einfo) ++ptr; } =20 - if (!virStrncpy(nodeinfo->model, dynamicProperty->val->string, - sizeof(nodeinfo->model) - 1, - sizeof(nodeinfo->model))) { + if (!virStrcpyStatic(nodeinfo->model, dynamicProperty->val->st= ring)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("CPU Model %s too long for destination"), dynamicProperty->val->string); diff --git a/src/hyperv/hyperv_driver.c b/src/hyperv/hyperv_driver.c index a85943668c..6f74adf372 100644 --- a/src/hyperv/hyperv_driver.c +++ b/src/hyperv/hyperv_driver.c @@ -307,8 +307,7 @@ hypervNodeGetInfo(virConnectPtr conn, virNodeInfoPtr in= fo) } =20 /* Fill struct */ - if (virStrncpy(info->model, processorList->data.common->Name, - sizeof(info->model) - 1, sizeof(info->model)) =3D=3D NU= LL) { + if (virStrcpyStatic(info->model, processorList->data.common->Name) =3D= =3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("CPU model %s too long for destination"), processorList->data.common->Name); --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 10:31:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1531825811802904.9633583543483; Tue, 17 Jul 2018 04:10:11 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0416E4ACBC; Tue, 17 Jul 2018 11:10:09 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 721E0CB1A8; Tue, 17 Jul 2018 11:10:08 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 946313F7CC; Tue, 17 Jul 2018 11:10:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w6HBA4cJ029111 for ; Tue, 17 Jul 2018 07:10:04 -0400 Received: by smtp.corp.redhat.com (Postfix) id 418417C33; Tue, 17 Jul 2018 11:10:04 +0000 (UTC) Received: from inaba.usersys.redhat.com (unknown [10.43.2.44]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D56357C40 for ; Tue, 17 Jul 2018 11:10:03 +0000 (UTC) From: Andrea Bolognani To: libvir-list@redhat.com Date: Tue, 17 Jul 2018 13:09:56 +0200 Message-Id: <20180717110957.12036-3-abologna@redhat.com> In-Reply-To: <20180717110957.12036-1-abologna@redhat.com> References: <20180717110957.12036-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/3] src: Use virStrcpyStatic() wherever possible X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 17 Jul 2018 11:10:10 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" This convenience macro was created for the simple cases where the length of the source string and the size of the destination buffer can be figued out with strlen() and sizeof() respectively, so we should use it wherever possible instead of open-coding parts of it. Signed-off-by: Andrea Bolognani --- src/conf/nwfilter_conf.c | 3 +-- src/util/virfdstream.c | 2 +- src/util/virlog.c | 5 ++--- src/util/virnetdev.c | 3 +-- src/xenconfig/xen_xl.c | 17 ++++------------- 5 files changed, 9 insertions(+), 21 deletions(-) diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index 706e803a25..36a7315880 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c @@ -966,8 +966,7 @@ ipsetValidator(enum attrDatatype datatype ATTRIBUTE_UNU= SED, { const char *errmsg =3D NULL; =20 - if (virStrcpy(item->u.ipset.setname, val->c, - sizeof(item->u.ipset.setname)) =3D=3D NULL) { + if (virStrcpyStatic(item->u.ipset.setname, val->c) =3D=3D NULL) { errmsg =3D _("ipset name is too long"); goto arg_err_exit; } diff --git a/src/util/virfdstream.c b/src/util/virfdstream.c index 8189559964..f4777cfd12 100644 --- a/src/util/virfdstream.c +++ b/src/util/virfdstream.c @@ -1183,7 +1183,7 @@ int virFDStreamConnectUNIX(virStreamPtr st, goto error; sa.sun_path[0] =3D '\0'; } else { - if (virStrcpy(sa.sun_path, path, sizeof(sa.sun_path)) =3D=3D NULL) + if (virStrcpyStatic(sa.sun_path, path) =3D=3D NULL) goto error; } =20 diff --git a/src/util/virlog.c b/src/util/virlog.c index e008dd9c54..9d569057ae 100644 --- a/src/util/virlog.c +++ b/src/util/virlog.c @@ -284,8 +284,7 @@ virLogOnceInit(void) */ r =3D gethostname(virLogHostname, sizeof(virLogHostname)); if (r =3D=3D -1) { - ignore_value(virStrcpy(virLogHostname, - "(unknown)", sizeof(virLogHostname))); + ignore_value(virStrcpyStatic(virLogHostname, "(unknown)")); } else { NUL_TERMINATE(virLogHostname); } @@ -1027,7 +1026,7 @@ virLogOutputToJournald(virLogSourcePtr source, =20 memset(&sa, 0, sizeof(sa)); sa.sun_family =3D AF_UNIX; - if (!virStrcpy(sa.sun_path, "/run/systemd/journal/socket", sizeof(sa.s= un_path))) + if (!virStrcpyStatic(sa.sun_path, "/run/systemd/journal/socket")) return; =20 memset(&mh, 0, sizeof(mh)); diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index c20022fbc9..57ebd0ec03 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -914,8 +914,7 @@ int virNetDevGetIndex(const char *ifname, int *ifindex) =20 memset(&ifreq, 0, sizeof(ifreq)); =20 - if (virStrncpy(ifreq.ifr_name, ifname, strlen(ifname), - sizeof(ifreq.ifr_name)) =3D=3D NULL) { + if (virStrcpyStatic(ifreq.ifr_name, ifname) =3D=3D NULL) { virReportSystemError(ERANGE, _("invalid interface name %s"), ifname); diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c index f0d9177cec..807fe621d6 100644 --- a/src/xenconfig/xen_xl.c +++ b/src/xenconfig/xen_xl.c @@ -475,15 +475,12 @@ xenParseXLVnuma(virConfPtr conf, data++; =20 if (*data) { - size_t len; char vtoken[64]; =20 if (STRPREFIX(str, "pnode")) { unsigned int cellid; =20 - len =3D strlen(data); - if (!virStrncpy(vtoken, data, - len, sizeof(vtoken))) { + if (!virStrcpyStatic(vtoken, data)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("vnuma vnode %zu pnode '%s' t= oo long for destination"), vnodeCnt, data); @@ -499,9 +496,7 @@ xenParseXLVnuma(virConfPtr conf, } pnode =3D cellid; } else if (STRPREFIX(str, "size")) { - len =3D strlen(data); - if (!virStrncpy(vtoken, data, - len, sizeof(vtoken))) { + if (!virStrcpyStatic(vtoken, data)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("vnuma vnode %zu size '%s' to= o long for destination"), vnodeCnt, data); @@ -514,9 +509,7 @@ xenParseXLVnuma(virConfPtr conf, virDomainNumaSetNodeMemorySize(numa, vnodeCnt, (kb= size * 1024)); =20 } else if (STRPREFIX(str, "vcpus")) { - len =3D strlen(data); - if (!virStrncpy(vtoken, data, - len, sizeof(vtoken))) { + if (!virStrcpyStatic(vtoken, data)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("vnuma vnode %zu vcpus '%s' t= oo long for destination"), vnodeCnt, data); @@ -533,9 +526,7 @@ xenParseXLVnuma(virConfPtr conf, size_t i, ndistances; unsigned int value; =20 - len =3D strlen(data); - if (!virStrncpy(vtoken, data, - len, sizeof(vtoken))) { + if (!virStrcpyStatic(vtoken, data)) { virReportError(VIR_ERR_INTERNAL_ERROR, _("vnuma vnode %zu vdistances '= %s' too long for destination"), vnodeCnt, data); --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Fri May 3 10:31:56 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1531825822582720.0548049323278; Tue, 17 Jul 2018 04:10:22 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 49FF9307D867; Tue, 17 Jul 2018 11:10:21 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0CCA21949A; Tue, 17 Jul 2018 11:10:21 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A153E18037EF; Tue, 17 Jul 2018 11:10:20 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w6HBA4wr029118 for ; Tue, 17 Jul 2018 07:10:05 -0400 Received: by smtp.corp.redhat.com (Postfix) id DC6457C33; Tue, 17 Jul 2018 11:10:04 +0000 (UTC) Received: from inaba.usersys.redhat.com (unknown [10.43.2.44]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 7D9CF7C4D for ; Tue, 17 Jul 2018 11:10:04 +0000 (UTC) From: Andrea Bolognani To: libvir-list@redhat.com Date: Tue, 17 Jul 2018 13:09:57 +0200 Message-Id: <20180717110957.12036-4-abologna@redhat.com> In-Reply-To: <20180717110957.12036-1-abologna@redhat.com> References: <20180717110957.12036-1-abologna@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 3/3] m4: Work around MinGW detection of strncpy() usage X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Tue, 17 Jul 2018 11:10:21 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" With the recent update in Fedora Rawhide, MinGW has started freaking out about our use of strncpy(): In function 'virStrncpy', inlined from 'virStrcpy' at ../../src/util/virstring.c:811:12: ../../src/util/virstring.c:789:11: error: 'strncpy' output truncated befo= re terminating nul copying as many bytes from a string as its length [-Werr= or=3Dstringop-truncation] ret =3D strncpy(dest, src, n); ^~~~~~~~~~~~~~~~~~~~~ ../../src/util/virstring.c: In function 'virStrcpy': ../../src/util/virstring.c:811:12: note: length computed here return virStrncpy(dest, src, strlen(src), destbytes); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ What the compiler is not detecting is that we perform proper bound checking right before calling the function, which makes our use of it perfectly safe. Signed-off-by: Andrea Bolognani --- Kind of a big hammer, so if you have a better approach in mind please don't hesitate to step forward. cfg.mk | 2 +- m4/virt-compile-warnings.m4 | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/cfg.mk b/cfg.mk index 609ae869c2..d059f803eb 100644 --- a/cfg.mk +++ b/cfg.mk @@ -1240,7 +1240,7 @@ exclude_file_name_regexp--sc_prohibit_setuid =3D ^src= /util/virutil\.c$$ exclude_file_name_regexp--sc_prohibit_sprintf =3D \ ^(cfg\.mk|docs/hacking\.html\.in|.*\.stp|.*\.pl)$$ =20 -exclude_file_name_regexp--sc_prohibit_strncpy =3D ^src/util/virstring\.c$$ +exclude_file_name_regexp--sc_prohibit_strncpy =3D ^(src/util/virstring\.c|= m4/virt-compile-warnings\.m4)$$ =20 exclude_file_name_regexp--sc_prohibit_strtol =3D ^examples/.*$$ =20 diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4 index fc185aef38..7d71cf2504 100644 --- a/m4/virt-compile-warnings.m4 +++ b/m4/virt-compile-warnings.m4 @@ -243,6 +243,11 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ wantwarn=3D"$wantwarn -Wno-suggest-attribute=3Dpure" wantwarn=3D"$wantwarn -Wno-suggest-attribute=3Dconst" =20 + # MinGW freaks out about our use of strncpy(), but we perform proper + # bound checking in our wrappers and prevent the underlying POSIX + # functions from being used directly through syntax-check + wantwarn=3D"$wantwarn -Wno-stringop-truncation -Wno-stringop-overflow" + if test "$enable_werror" =3D "yes" then wantwarn=3D"$wantwarn -Werror" --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list