From patchwork Mon May 23 19:15:32 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= <ynezz@true.cz>
X-Patchwork-Id: 1634729
X-Patchwork-Delegate: ynezz@true.cz
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=YeZeq/d5;
	dkim=fail reason="key not found in DNS" header.d=true.cz header.i=@true.cz
 header.a=rsa-sha256 header.s=xnet header.b=TBmAGkA4;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4L6Rtj6LzQz9sG2
	for <incoming@patchwork.ozlabs.org>; Tue, 24 May 2022 05:18:05 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=fWdYkrBrl9Bw9Lb7Oiko0DBaI719/NWVrZObbxl85Aw=; b=YeZeq/d54qY/pl
	IzmEJ0XW1W3njCka9YLyOsvUtuDJOCyQ/2K3WuP4qlligDdMzE18+MhVwA5LyY4FjOT/lmtc42nIN
	e0VwxjpwuE1kHNNzqA0PL5DfWDX6LdxAB+NeZe7cZ19/KMRCXrCM4Cyg1TGx5obmGhVt/avShd+Ij
	5LnYSnN7skosny0KNI615uleUF7ZFAgxB5NIT5fjpxIdnlHdEp22Hv/77CpF2Wma0yukMmu3HOyif
	d62CYjPBuD0QS9DZi55PeE/J4xE6xui8iZNG4Mc8f4A0DB1+B6h8zI1CPV4+Nru2AJdOV8wjtv/+s
	biN0SZf3YgYktsaTflcw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1ntDWx-005feB-VB; Mon, 23 May 2022 19:15:52 +0000
Received: from smtp-out.xnet.cz ([178.217.244.18])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1ntDWs-005fdN-Mo
 for openwrt-devel@lists.openwrt.org; Mon, 23 May 2022 19:15:49 +0000
Received: from meh.true.cz (meh.true.cz [108.61.167.218])
 (Authenticated sender: petr@true.cz)
 by smtp-out.xnet.cz (Postfix) with ESMTPSA id 2E9D218D54;
 Mon, 23 May 2022 21:15:42 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=true.cz; s=xnet;
 t=1653333342; bh=JX9YoJWiqp1pjvAAFN/Xe8jiYCO8tuGOeN5vFA4DkUQ=;
 h=From:To:Cc:Subject:Date;
 b=TBmAGkA4/LpCgRadlpsc9uE5R/ZgeoL2ktJiMfbzck/kYGfSYn0QMpPIemaRw66Ue
 kwBqnJN/KJQwOLOcGP5LQ1CyMQ8Vpwp8z6f4GP0XmyN/YWBXIBCB76jlf2+Q7ruRI8
 XZHI8eLppnNSlc4UfW1lDxYvgKZeQtjN6QxBmXLQ=
Received: by meh.true.cz (OpenSMTPD) with ESMTP id 8d264eac;
 Mon, 23 May 2022 21:15:18 +0200 (CEST)
From: =?utf-8?q?Petr_=C5=A0tetiar?= <ynezz@true.cz>
To: openwrt-devel@lists.openwrt.org
Cc: =?utf-8?q?Petr_=C5=A0tetiar?= <ynezz@true.cz>,
 Felix Fietkau <nbd@nbd.name>
Subject: [PATCH libnl-tiny] genl_family: explicitly null terminate strncpy
 destination buffer
Date: Mon, 23 May 2022 21:15:32 +0200
Message-Id: <20220523191532.22301-1-ynezz@true.cz>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220523_121547_225998_25C2169D 
X-CRM114-Status: UNSURE (   7.32  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: 0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: The strncpy() function doesn't null terminate the
 destination
 string if the source string is at least as long as the destination. (This
 behavior is defined by the C99 specification.) As a result, the [...]
 Content analysis details:   (0.2 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 0.1 DKIM_INVALID           DKIM or DK signature exists, but is not valid
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

The strncpy() function doesn't null terminate the destination string if
the source string is at least as long as the destination. (This behavior
is defined by the C99 specification.) As a result, the destination
string must be null terminated after calling strncpy().

And clang11 static analyzer thus reports following:

 genl_family.c:148:2: error: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 15 [-Werror=stringop-truncation]
   148 |  strncpy(grp->name, name, GENL_NAMSIZ - 1);
       |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cc: Felix Fietkau <nbd@nbd.name>
References: https://gitlab.com/openwrt/project/libnl-tiny/-/jobs/2495301251#L197
Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 genl_family.c                 | 1 +
 include/netlink/genl/family.h | 1 +
 2 files changed, 2 insertions(+)

diff --git a/genl_family.c b/genl_family.c
index 221acfa1a7ff..a0d83dc20ce8 100644
--- a/genl_family.c
+++ b/genl_family.c
@@ -146,6 +146,7 @@ int genl_family_add_grp(struct genl_family *family, uint32_t id,
 
 	grp->id = id;
 	strncpy(grp->name, name, GENL_NAMSIZ - 1);
+	grp->name[GENL_NAMSIZ - 1] = '\0';
 
 	nl_list_add_tail(&grp->list, &family->gf_mc_grps);
 
diff --git a/include/netlink/genl/family.h b/include/netlink/genl/family.h
index 8a1a38ba25d5..ca71181e89f3 100644
--- a/include/netlink/genl/family.h
+++ b/include/netlink/genl/family.h
@@ -82,6 +82,7 @@ static inline char *genl_family_get_name(struct genl_family *family)
 static inline void genl_family_set_name(struct genl_family *family, const char *name)
 {
 	strncpy(family->gf_name, name, GENL_NAMSIZ-1);
+	family->gf_name[GENL_NAMSIZ - 1] = '\0';
 	family->ce_mask |= FAMILY_ATTR_NAME;
 }