From eb943e7b13bc94fb32ccaa5f0b2603c907a71ba0 Mon Sep 17 00:00:00 2001 From: Yonghua Huang Date: Tue, 22 May 2018 18:39:08 +0800 Subject: [PATCH] DM:fix the possible buffer overflow issue using 'strncpy' function 'strncpy' may incorrectly check buffer boundaries and may overflow buffers. Signed-off-by: Yonghua Huang --- devicemodel/core/sw_load_bzimage.c | 4 ++-- devicemodel/core/sw_load_common.c | 2 +- devicemodel/core/sw_load_vsbl.c | 4 ++-- devicemodel/hw/platform/acpi/acpi.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/devicemodel/core/sw_load_bzimage.c b/devicemodel/core/sw_load_bzimage.c index ce35dfa48..f2de09c31 100644 --- a/devicemodel/core/sw_load_bzimage.c +++ b/devicemodel/core/sw_load_bzimage.c @@ -128,7 +128,7 @@ acrn_get_bzimage_setup_size(struct vmctx *ctx) int acrn_parse_kernel(char *arg) { - int len = strlen(arg); + size_t len = strlen(arg); if (len < STR_LEN) { strncpy(kernel_path, arg, len); @@ -148,7 +148,7 @@ acrn_parse_kernel(char *arg) int acrn_parse_ramdisk(char *arg) { - int len = strlen(arg); + size_t len = strlen(arg); if (len < STR_LEN) { strncpy(ramdisk_path, arg, len); diff --git a/devicemodel/core/sw_load_common.c b/devicemodel/core/sw_load_common.c index 27131f6cf..70a94d196 100644 --- a/devicemodel/core/sw_load_common.c +++ b/devicemodel/core/sw_load_common.c @@ -101,7 +101,7 @@ const struct e820_entry e820_default_entries[NUM_E820_ENTRIES] = { int acrn_parse_bootargs(char *arg) { - int len = strlen(arg); + size_t len = strlen(arg); if (len < STR_LEN) { strncpy(bootargs, arg, len); diff --git a/devicemodel/core/sw_load_vsbl.c b/devicemodel/core/sw_load_vsbl.c index fec53cf23..6385f4095 100644 --- a/devicemodel/core/sw_load_vsbl.c +++ b/devicemodel/core/sw_load_vsbl.c @@ -108,7 +108,7 @@ vsbl_set_bdf(int bnum, int snum, int fnum) int acrn_parse_guest_part_info(char *arg) { - int len = strlen(arg); + size_t len = strlen(arg); if (len < STR_LEN) { strncpy(guest_part_info_path, arg, len); @@ -169,7 +169,7 @@ acrn_prepare_guest_part_info(struct vmctx *ctx) int acrn_parse_vsbl(char *arg) { - int len = strlen(arg); + size_t len = strlen(arg); if (len < STR_LEN) { strncpy(vsbl_path, arg, len); diff --git a/devicemodel/hw/platform/acpi/acpi.c b/devicemodel/hw/platform/acpi/acpi.c index 55f1aa070..3aa6451ed 100644 --- a/devicemodel/hw/platform/acpi/acpi.c +++ b/devicemodel/hw/platform/acpi/acpi.c @@ -908,7 +908,7 @@ basl_make_templates(void) { const char *tmpdir; int err; - int len; + size_t len; err = 0;