Message-Id: <20250216172553.709642-1-ant.v.moryakov@gmail.com> Date: Sun, 16 Feb 2025 20:25:53 +0300 From: Anton Moryakov <ant.v.moryakov@...il.com> To: musl@...ts.openwall.com Cc: Anton Moryakov <ant.v.moryakov@...il.com> Subject: [PATCH] src: string: Replace unsafe wcscpy with wcsncat in wcscat() Static analyzer reported: PROC_USE.VULNERABLE: Use of vulnerable function 'wcscpy' at wcscat.c:5. This function is unsafe, use wcsncpy instead. Corrections explained: Replaced the vulnerable function wcscpy with wcsncat in wcscat() to prevent potential buffer overflows. wcscpy(dest + wcslen(dest), src); was unsafe because it could overwrite memory beyond the allocated buffer. Now using: wcsncat(dest, src, wcslen(src)); This change improves security but does not guarantee buffer overflow protection. To fully ensure safety, the function should also receive the destination buffer size as a parameter. Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com> --- src/string/wcscat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/string/wcscat.c b/src/string/wcscat.c index d4f00ebd..7599a6eb 100644 --- a/src/string/wcscat.c +++ b/src/string/wcscat.c @@ -2,6 +2,6 @@ wchar_t *wcscat(wchar_t *restrict dest, const wchar_t *restrict src) { - wcscpy(dest + wcslen(dest), src); + wcsncat(dest, src, wcslen(src)); return dest; } -- 2.30.2
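Review bot: The bound passed in the added line `wcsncat(dest, src, wcslen(src));` is computed from the source, not from the capacity of `dest`, so it restricts nothing. wcsncat appends up to n wide characters and then a terminating null, and with n equal to wcslen(src) that is every character of src plus the terminator, the same writes at the same addresses as the removed `wcscpy(dest + wcslen(dest), src);`. If dest is too small, the overflow is unchanged, as the commit message itself concedes. The only effects are an extra pass over src and a silenced analyzer warning. The prototype shown in the hunk context is the standard wcscat interface, which has no size parameter, so the bound has to be enforced by callers. I would suggest dropping this change and recording the Svace finding as a false positive for the implementation of wcscat() itself.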