dm: use strncpy to replace strcpy

Use strncpy instead of strcpy to avoid buf overflow. Fix strncpy null-terminated issues. Tracked-On: projectacrn#3245 Signed-off-by: Tianhua Sun <[email protected]> Acked-by: Anthony Xu <[email protected]>
yonghuah · Jun 19, 2019 · 1e1244c · 1e1244c
1 parent 0ea788b
commit 1e1244c
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 3 deletions.
diff --git a/devicemodel/hw/pci/virtio/virtio_audio.c b/devicemodel/hw/pci/virtio/virtio_audio.c
@@ -121,6 +121,7 @@ virtio_audio_kernel_dev_set(struct vbs_dev_info *kdev, const char *name,
 {
 	/* init kdev */
 	strncpy(kdev->name, name, VBS_NAME_LEN);
+	kdev->name[VBS_NAME_LEN - 1] = '\0';
 	kdev->vmid = vmid;
 	kdev->nvq = nvq;
 	kdev->negotiated_features = feature;

diff --git a/devicemodel/hw/pci/virtio/virtio_console.c b/devicemodel/hw/pci/virtio/virtio_console.c
@@ -625,7 +625,8 @@ virtio_console_accept_new_connection(int fd __attribute__((unused)),
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
-	strcpy(addr.sun_path, be->portpath);
+	strncpy(addr.sun_path, be->portpath, sizeof(addr.sun_path));
+	addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
 
 	len = sizeof(addr);
 	accepted_fd = accept(be->fd, (struct sockaddr *)&addr, &len);
@@ -728,7 +729,8 @@ virtio_console_config_backend(struct virtio_console_backend *be)
 
 		memset(&addr, 0, sizeof(addr));
 		addr.sun_family = AF_UNIX;
-		strcpy(addr.sun_path, be->portpath);
+		strncpy(addr.sun_path, be->portpath, sizeof(addr.sun_path));
+		addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
 
 		if (be->socket_type == NULL || !strcmp(be->socket_type,"server")) {
 			unlink(be->portpath);

diff --git a/devicemodel/hw/pci/virtio/virtio_hyper_dmabuf.c b/devicemodel/hw/pci/virtio/virtio_hyper_dmabuf.c
@@ -116,6 +116,7 @@ virtio_hyper_dmabuf_k_dev_set(const char *name, int vmid, int nvq,
 {
 	/* init kdev */
 	strncpy(kdev.name, name, VBS_NAME_LEN);
+	kdev.name[VBS_NAME_LEN - 1] = '\0';
 	kdev.vmid = vmid;
 	kdev.nvq = nvq;
 	kdev.negotiated_features = feature;

diff --git a/devicemodel/hw/pci/virtio/virtio_net.c b/devicemodel/hw/pci/virtio/virtio_net.c
@@ -652,8 +652,10 @@ virtio_net_tap_open(char *devname)
 	memset(&ifr, 0, sizeof(ifr));
 	ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
 
-	if (*devname)
+	if (*devname) {
 		strncpy(ifr.ifr_name, devname, IFNAMSIZ);
+		ifr.ifr_name[IFNAMSIZ - 1] = '\0';
+	}
 
 	rc = ioctl(tunfd, TUNSETIFF, (void *)&ifr);
 	if (rc < 0) {

diff --git a/devicemodel/hw/pci/virtio/virtio_rnd.c b/devicemodel/hw/pci/virtio/virtio_rnd.c
@@ -217,6 +217,7 @@ virtio_rnd_kernel_dev_set(struct vbs_dev_info *kdev, const char *name,
 
 	/* init kdev */
 	strncpy(kdev->name, name, VBS_NAME_LEN);
+	kdev->name[VBS_NAME_LEN - 1] = '\0';
 	kdev->vmid = vmid;
 	kdev->nvq = nvq;
 	kdev->negotiated_features = feature;