bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #66296] rshd.c string overflow warning


From: Jeffrey Cliff
Subject: [bug #66296] rshd.c string overflow warning
Date: Sat, 5 Oct 2024 11:48:56 -0400 (EDT)

URL:
  <https://savannah.gnu.org/bugs/?66296>

                 Summary: rshd.c string overflow warning
                   Group: GNU Networking Utilities
               Submitter: themusicgod1
               Submitted: Sat 05 Oct 2024 10:48:53 AM CDT
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Sat 05 Oct 2024 10:48:53 AM CDT By: Jeffrey Cliff <themusicgod1>
inetutils: 2.5
gcc: (GCC) 15.0.0 20240509 (experimental)

rshd.c:1923:3: warning: 'strncat' specified bound 13 equals source length
[-Wstringop-overflow=]
 1923 |   strncat (path, PATH_DEFPATH, sizeof (path) - sizeof ("PATH=") - 1);
 
if i'm reading this right, increasing the size of the "path" string by one
should should fix this:


--- inetutils-2.5/src/rshd.c    2023-12-29 11:34:46.000000000 -0600
+++ inetutils-2.5-works/src/rshd.c      2024-10-05 09:47:18.126254725 -0600
@@ -411,7 +411,7 @@
 char logname[32 + sizeof ("LOGNAME=")] = "LOGNAME=";
 char homedir[256 + sizeof ("HOME=")] = "HOME=";
 char shell[64 + sizeof ("SHELL=")] = "SHELL=";
-char path[sizeof (PATH_DEFPATH) + sizeof ("PATH=")] = "PATH=";
+char path[sizeof (PATH_DEFPATH) + sizeof ("PATH=")+1] = "PATH=";
 char rhost[128 + sizeof ("RHOST=")] = "RHOST=";
 
 #ifndef WITH_PAM









    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?66296>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]