From: Andrey Zhizhikin andrey.z@gmail.com
[ Upstream commit 6794200fa3c9c3e6759dae099145f23e4310f4f7 ]
GCC9 introduced string hardening mechanisms, which exhibits the error during fs api compilation:
error: '__builtin_strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
This comes when the length of copy passed to strncpy is is equal to destination size, which could potentially lead to buffer overflow.
There is a need to mitigate this potential issue by limiting the size of destination by 1 and explicitly terminate the destination with NULL.
Signed-off-by: Andrey Zhizhikin andrey.zhizhikin@leica-geosystems.com Reviewed-by: Petr Mladek pmladek@suse.com Acked-by: Jiri Olsa jolsa@kernel.org Cc: Alexei Starovoitov ast@kernel.org Cc: Andrii Nakryiko andriin@fb.com Cc: Daniel Borkmann daniel@iogearbox.net Cc: Kefeng Wang wangkefeng.wang@huawei.com Cc: Martin KaFai Lau kafai@fb.com Cc: Petr Mladek pmladek@suse.com Cc: Sergey Senozhatsky sergey.senozhatsky@gmail.com Cc: Song Liu songliubraving@fb.com Cc: Yonghong Song yhs@fb.com Cc: bpf@vger.kernel.org Cc: netdev@vger.kernel.org Link: http://lore.kernel.org/lkml/20191211080109.18765-1-andrey.zhizhikin@leica-ge... Signed-off-by: Arnaldo Carvalho de Melo acme@redhat.com Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- tools/lib/api/fs/fs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/lib/api/fs/fs.c b/tools/lib/api/fs/fs.c index 7aba824..bd021a0 100644 --- a/tools/lib/api/fs/fs.c +++ b/tools/lib/api/fs/fs.c @@ -210,6 +210,7 @@ static bool fs__env_override(struct fs *fs) size_t name_len = strlen(fs->name); /* name + "_PATH" + '\0' */ char upper_name[name_len + 5 + 1]; + memcpy(upper_name, fs->name, name_len); mem_toupper(upper_name, name_len); strcpy(&upper_name[name_len], "_PATH"); @@ -219,7 +220,8 @@ static bool fs__env_override(struct fs *fs) return false;
fs->found = true; - strncpy(fs->path, override_path, sizeof(fs->path)); + strncpy(fs->path, override_path, sizeof(fs->path) - 1); + fs->path[sizeof(fs->path) - 1] = '\0'; return true; }