Missing a terminator after strncpy in function Server_jack_init, which may cause read-overflow

Question

Missing a terminator after strncpy in function Server_jack_init, which may cause read-overflow

awen-li opened this issue 3 years ago · comments

Code snippet

Server_jack_init(Server *self)
{
    int i = 0;
    char client_name[32];  -----------> No initialization
    char name[16];
     .........
    strncpy(client_name, self->serverName, 31);  -------------> when length of self->serverName is 31,  client_name may has no terminator. It is a risk of read-overflow.
     .........
}

Description

Function: Server_jack_init
File: ad_jack.c
Call-path: boot (Python) -> Server_boot -> Server_jack_init
WarningType: read-overflow. Our analysis tool reported a warning at the call-site of strncpy. As client_name is not initialized, it may has no terminator after strncpy hence to cases read-overflow.
Also seen in Details

Awen · Answer 1 · Tue Jun 01 2021 03:35:20 GMT+0800 (China Standard Time)

Anyone can help confirm this issue? thanks.

Olivier Bélanger · Answer 2 · Tue Jun 01 2021 03:43:54 GMT+0800 (China Standard Time)

I'll take a look as soon as I get a chance. Thanks for reporting.

Olivier Bélanger · Answer 3 · Thu Jun 03 2021 10:16:08 GMT+0800 (China Standard Time)

Fixed. Turns out that the copy was completely useless!

Awen · Answer 4 · Thu Jun 03 2021 12:35:00 GMT+0800 (China Standard Time)

Fixed. Turns out that the copy was completely useless!

thanks