From: Petr Štetiar Date: Mon, 23 May 2022 19:02:38 +0000 (+0200) Subject: genl_family: explicitly null terminate strncpy destination buffer X-Git-Url: http://git.openwrt.org/%22http:/oss.oetiker.ch/rrdtool//%22/%22http:/oss.oetiker.ch/rrdtool/%22?a=commitdiff_plain;h=28c44ca97cd546ef8168e7476472a0da022b3421;p=project%2Flibnl-tiny.git genl_family: explicitly null terminate strncpy destination buffer The strncpy() function doesn't null terminate the destination string if the source string is at least as long as the destination. (This behavior is defined by the C99 specification.) As a result, the destination string must be null terminated after calling strncpy(). And clang11 static analyzer thus reports following: genl_family.c:148:2: error: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 15 [-Werror=stringop-truncation] 148 | strncpy(grp->name, name, GENL_NAMSIZ - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: https://gitlab.com/openwrt/project/libnl-tiny/-/jobs/2495301251#L197 Signed-off-by: Petr Štetiar --- diff --git a/genl_family.c b/genl_family.c index 221acfa..a0d83dc 100644 --- a/genl_family.c +++ b/genl_family.c @@ -146,6 +146,7 @@ int genl_family_add_grp(struct genl_family *family, uint32_t id, grp->id = id; strncpy(grp->name, name, GENL_NAMSIZ - 1); + grp->name[GENL_NAMSIZ - 1] = '\0'; nl_list_add_tail(&grp->list, &family->gf_mc_grps); diff --git a/include/netlink/genl/family.h b/include/netlink/genl/family.h index 8a1a38b..ca71181 100644 --- a/include/netlink/genl/family.h +++ b/include/netlink/genl/family.h @@ -82,6 +82,7 @@ static inline char *genl_family_get_name(struct genl_family *family) static inline void genl_family_set_name(struct genl_family *family, const char *name) { strncpy(family->gf_name, name, GENL_NAMSIZ-1); + family->gf_name[GENL_NAMSIZ - 1] = '\0'; family->ce_mask |= FAMILY_ATTR_NAME; }