qemu/0036-sockets-avoid-string-truncation-war.patch
Bruce Rogers b1a445e3fd Accepting request 702352 from home:bfrogers:branches:Virtualization
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
* Patches renamed:
  0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
  -> 0036-sockets-avoid-string-truncation-war.patch
  0039-linux-user-uname-Fix-GCC-9-build-wa.patch
  -> 0039-linux-user-avoid-string-truncation-.patch
- Correct logic of which ipxe patches get included based on
  suse_version. We were wrongly excluding a gcc9 related patch for
  example
- Switch to now upstreamed version of some patches
* Patches renamed:
  0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
  -> 0036-sockets-avoid-string-truncation-war.patch
  0039-linux-user-uname-Fix-GCC-9-build-wa.patch
  -> 0039-linux-user-avoid-string-truncation-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories
  in support of the firmware descriptor feature now in use as of
  libvirt v5.2
- Correct logic of which ipxe patches get included based on
  suse_version. We were wrongly excluding a gcc9 related patch for
  example
- Switch to now upstreamed version of some patches
* Patches renamed:
  0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
  -> 0036-sockets-avoid-string-truncation-war.patch
  0039-linux-user-uname-Fix-GCC-9-build-wa.patch
  -> 0039-linux-user-avoid-string-truncation-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories
  in support of the firmware descriptor feature now in use as of
  libvirt v5.2

OBS-URL: https://build.opensuse.org/request/show/702352
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=468
2019-05-11 15:08:13 +00:00

95 lines
4.0 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 1 May 2019 15:50:52 +0100
Subject: sockets: avoid string truncation warnings when copying UNIX path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In file included from /usr/include/string.h:494,
from include/qemu/osdep.h:101,
from util/qemu-sockets.c:18:
In function strncpy,
inlined from unix_connect_saddr.isra.0 at util/qemu-sockets.c:925:5:
/usr/include/bits/string_fortified.h:106:10: warning: __builtin_strncpy specified bound 108 equals destination size [-Wstringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function strncpy,
inlined from unix_listen_saddr.isra.0 at util/qemu-sockets.c:880:5:
/usr/include/bits/string_fortified.h:106:10: warning: __builtin_strncpy specified bound 108 equals destination size [-Wstringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We are already validating the UNIX socket path length earlier in
the functions. If we save this string length when we first check
it, then we can simply use memcpy instead of strcpy later, avoiding
the gcc truncation warnings.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20190501145052.12579-1-berrange@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
util/qemu-sockets.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 9705051690..ba6335e71a 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -830,6 +830,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
int sock, fd;
char *pathbuf = NULL;
const char *path;
+ size_t pathlen;
sock = qemu_socket(PF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
@@ -845,7 +846,8 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
path = pathbuf = g_strdup_printf("%s/qemu-socket-XXXXXX", tmpdir);
}
- if (strlen(path) > sizeof(un.sun_path)) {
+ pathlen = strlen(path);
+ if (pathlen > sizeof(un.sun_path)) {
error_setg(errp, "UNIX socket path '%s' is too long", path);
error_append_hint(errp, "Path must be less than %zu bytes\n",
sizeof(un.sun_path));
@@ -877,7 +879,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr,
memset(&un, 0, sizeof(un));
un.sun_family = AF_UNIX;
- strncpy(un.sun_path, path, sizeof(un.sun_path));
+ memcpy(un.sun_path, path, pathlen);
if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) {
error_setg_errno(errp, errno, "Failed to bind socket to %s", path);
@@ -901,6 +903,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
{
struct sockaddr_un un;
int sock, rc;
+ size_t pathlen;
if (saddr->path == NULL) {
error_setg(errp, "unix connect: no path specified");
@@ -913,7 +916,8 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
return -1;
}
- if (strlen(saddr->path) > sizeof(un.sun_path)) {
+ pathlen = strlen(saddr->path);
+ if (pathlen > sizeof(un.sun_path)) {
error_setg(errp, "UNIX socket path '%s' is too long", saddr->path);
error_append_hint(errp, "Path must be less than %zu bytes\n",
sizeof(un.sun_path));
@@ -922,7 +926,7 @@ static int unix_connect_saddr(UnixSocketAddress *saddr, Error **errp)
memset(&un, 0, sizeof(un));
un.sun_family = AF_UNIX;
- strncpy(un.sun_path, saddr->path, sizeof(un.sun_path));
+ memcpy(un.sun_path, saddr->path, pathlen);
/* connect to peer */
do {