Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20240324175222.GD32430@brightrain.aerifal.cx>
Date: Sun, 24 Mar 2024 13:52:23 -0400
From: Rich Felker <dalias@...ifal.cx>
To: Maks Mishin <maks.mishinfz@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: [PATCH] lookup_name: Replace call of vulnerable function

On Sun, Mar 24, 2024 at 08:32:51PM +0300, Maks Mishin wrote:
> Use of vulnerable function 'strcpy' at lookup_name.c:122.
> This function is unsafe, use 'strncpy' instead.
> 
> Found by RASU JSC.
> 
> Signed-off-by: Maks Mishin <maks.mishinFZ@...il.com>
> ---
>  src/network/lookup_name.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
> index 35218185..b59ec7c6 100644
> --- a/src/network/lookup_name.c
> +++ b/src/network/lookup_name.c
> @@ -119,7 +119,7 @@ static int dns_parse_callback(void *c, int rr, const void *data, int len, const
>  	if (rr == RR_CNAME) {
>  		if (__dn_expand(packet, (const unsigned char *)packet + plen,
>  		    data, tmp, sizeof tmp) > 0 && is_valid_hostname(tmp))
> -			strcpy(ctx->canon, tmp);
> +			strncpy(ctx->canon, tmp, sizeof ctx->canon);
>  		return 0;
>  	}
>  	if (ctx->cnt >= MAXADDRS) return 0;
> -- 
> 2.30.2

The buffer is explicitly chosen with size such that any hostname fits,
and the is_valid_hostname predicate checks this.

This RASU JSC static analysis tool you're using seems particularly bad
at its job.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.