author | Ronan Le Martret <ronan.lemartret@iot.bzh> | 2017-08-29 16:07:56 +0200 |
---|---|---|
committer | Romain Forlot <romain.forlot@iot.bzh> | 2018-12-13 15:02:25 +0100 |
commit | e572871c06b7d04722d56becf7ef8ad86b14124c (patch) | |
tree | 167729220b3ca98148183382fd64668287f902d9 /ctl-binding/ctl-lua.c | |
parent | d60bc482a611e31da6e0b78b6e482ee270635891 (diff) |
Fix strncat funct
I: Statement might be overflowing a buffer in strncat. Common mistake:
BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
Diffstat (limited to 'ctl-binding/ctl-lua.c')
-rw-r--r-- | ctl-binding/ctl-lua.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/ctl-binding/ctl-lua.c b/ctl-binding/ctl-lua.c
index d737026..2c80205 100644
--- a/ctl-binding/ctl-lua.c
+++ b/ctl-binding/ctl-lua.c
@@ -741,8 +741,8 @@ STATIC void LuaDoAction (LuaDoActionT action, afb_req request) {
 // search for filename=script in CONTROL_LUA_PATH
 if (!luaScriptPathJ) {
 strncpy(luaScriptPath,CONTROL_DOSCRIPT_PRE, sizeof(luaScriptPath));
- strncat(luaScriptPath,"-", sizeof(luaScriptPath));
- strncat(luaScriptPath,target, sizeof(luaScriptPath));
+ strncat(luaScriptPath,"-", sizeof(luaScriptPath)-strlen(luaScriptPath)-1);
+ strncat(luaScriptPath,target, sizeof(luaScriptPath)-strlen(luaScriptPath)-1);
 luaScriptPathJ= ScanForConfig(CONTROL_LUA_PATH , CTL_SCAN_RECURSIVE,luaScriptPath,".lua");
 }
 for (index=0; index < json_object_array_length(luaScriptPathJ); index++) {
@@ -757,8 +757,8 @@ STATIC void LuaDoAction (LuaDoActionT action, afb_req request) {
 if (index > 0) AFB_WARNING("LUA-DOSCRIPT-SCAN:Ignore second script=%s path=%s", filename, fullpath);
 else {
 strncpy (luaScriptPath, fullpath, sizeof(luaScriptPath));
- strncat (luaScriptPath, "/", sizeof(luaScriptPath));
- strncat (luaScriptPath, filename, sizeof(luaScriptPath));
+ strncat (luaScriptPath, "/", sizeof(luaScriptPath)-strlen(luaScriptPath)-1);
+ strncat (luaScriptPath, filename, sizeof(luaScriptPath)-strlen(luaScriptPath)-1);
 }
 }
@@ -778,7 +778,7 @@ STATIC void LuaDoAction (LuaDoActionT action, afb_req request) {
 // if no func name given try to deduct from filename
 if (!func && (func=(char*)GetMidleName(filename))!=NULL) {
 strncpy(luaScriptPath,"_", sizeof(luaScriptPath));
- strncat(luaScriptPath,func, sizeof(luaScriptPath));
+ strncat(luaScriptPath,func, sizeof(luaScriptPath)-strlen(luaScriptPath)-1);
 func=luaScriptPath;
 }
 if (!func) {
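Review bot: With the corrected bound, an overlong `target` is truncated silently, and the shortened `luaScriptPath` is still handed to `ScanForConfig` as the search prefix, so the scan can match a script other than the one that was asked for. The same silent truncation applies to the path builds at @@ -757 and @@ -1039 (where the result goes straight to `luaL_loadfile`) and to `fullprefix` at @@ -995. Building the string in one call and rejecting overflow closes this: `int n = snprintf(luaScriptPath, sizeof(luaScriptPath), "%s-%s", CONTROL_DOSCRIPT_PRE, target);` followed by `if (n < 0 || (size_t)n >= sizeof(luaScriptPath))` taking the function's existing error path. LuaDoAction starts and ends outside this hunk, so the declaration of `luaScriptPath` and that error path are not visible here.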
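Review bot: The new bound `sizeof(luaScriptPath)-strlen(luaScriptPath)-1` relies on `luaScriptPath` being NUL-terminated, which the preceding `strncpy (luaScriptPath, fullpath, sizeof(luaScriptPath));` at @@ -757 does not guarantee when `fullpath` is as long as the buffer or longer. In that case `strlen` reads past the array and the subtraction wraps in size_t arithmetic to a very large count, so the `strncat` is effectively unbounded again. The same pairing appears at @@ -1039 with `filepath`; the copies at @@ -741, @@ -778 and @@ -995 take what look like short constant sources, so they are less exposed. Copy one byte less and terminate explicitly: `strncpy (luaScriptPath, fullpath, sizeof(luaScriptPath)-1);` then `luaScriptPath[sizeof(luaScriptPath)-1] = '\0';`.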
@@ -995,8 +995,8 @@ PUBLIC int LuaLibInit () {
 // search for default policy config file
 char fullprefix[CONTROL_MAXPATH_LEN];
 strncpy (fullprefix, CONTROL_CONFIG_PRE "-", sizeof(fullprefix));
- strncat (fullprefix, GetBinderName(), sizeof(fullprefix));
- strncat (fullprefix, "-", sizeof(fullprefix));
+ strncat (fullprefix, GetBinderName(), sizeof(fullprefix)-strlen(fullprefix)-1);
+ strncat (fullprefix, "-", sizeof(fullprefix)-strlen(fullprefix)-1);
 const char *dirList= getenv("CONTROL_LUA_PATH");
 if (!dirList) dirList=CONTROL_LUA_PATH;
@@ -1039,8 +1039,8 @@ PUBLIC int LuaLibInit () {
 char filepath[CONTROL_MAXPATH_LEN];
 strncpy(filepath, fullpath, sizeof(filepath));
- strncat(filepath, "/", sizeof(filepath));
- strncat(filepath, filename, sizeof(filepath));
+ strncat(filepath, "/", sizeof(filepath)-strlen(filepath)-1);
+ strncat(filepath, filename, sizeof(filepath)-strlen(filepath)-1);
 err= luaL_loadfile(luaState, filepath);
 if (err) {
 AFB_ERROR ("LUA-LOAD HOOPs Error in LUA loading scripts=%s err=%s", filepath, lua_tostring(luaState,-1)); |