[virt-tools-list] [virt-viewer][PATCH 1/2] coverity: Copy into fixed sized buffer
Fabiano Fidêncio
fidencio at redhat.com
Mon Aug 17 15:55:29 UTC 2015
Coverity says:
You might overrun the 108 byte fixed-size string "addr.sun_path" by
copying "unixsock" without checking the length.
Note: This detect has an elevated risk because the source argument is a
parameter of the current function.
---
src/virt-viewer-app.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/virt-viewer-app.c b/src/virt-viewer-app.c
index d762699..f53a6f8 100644
--- a/src/virt-viewer-app.c
+++ b/src/virt-viewer-app.c
@@ -705,6 +705,11 @@ virt_viewer_app_open_unix_sock(const char *unixsock)
struct sockaddr_un addr;
int fd;
+ if (strlen(unixsock) + 1 > sizeof(addr.sun_path)) {
+ g_warning ("address is too long for unix socket_path: %s", unixsock);
+ return -1;
+ }
+
memset(&addr, 0, sizeof addr);
addr.sun_family = AF_UNIX;
strcpy(addr.sun_path, unixsock);
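Review bot: the strcpy(addr.sun_path, unixsock) left in place at the end of this hunk is still an unbounded copy, and its safety now depends entirely on the new guard at the top of virt_viewer_app_open_unix_sock() staying in sync with it. The guard itself is right (the + 1 accounts for the terminating NUL), but I would put the bound at the copy site as well, for example g_strlcpy(addr.sun_path, unixsock, sizeof(addr.sun_path)), so that later edits to the function cannot separate the check from the copy and the analyser sees the limit directly. Two smaller points: unixsock is passed to strlen() with no NULL check, so a g_return_val_if_fail(unixsock != NULL, -1) ahead of the length test would make the precondition explicit, and g_warning ( has a space before the parenthesis while the memset( and strcpy( calls in the context lines do not.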
--
2.4.3