author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2022-06-01 14:45:27 +0200 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2022-07-26 17:30:21 +0200 |
commit | 6d29e8b3d193e1751c99e547f0a7b350a1e7eb92 (patch) | |
tree | 277db08e86a9d6ace2d96018ece06114e750c3fb /samsung-ipc | |
parent | 5d4cf4d445b2829deac9c755f65c98151eabc157 (diff) | |
download | hardware_replicant_libsamsung-ipc-6d29e8b3d193e1751c99e547f0a7b350a1e7eb92.tar.gz hardware_replicant_libsamsung-ipc-6d29e8b3d193e1751c99e547f0a7b350a1e7eb92.tar.bz2 hardware_replicant_libsamsung-ipc-6d29e8b3d193e1751c99e547f0a7b350a1e7eb92.zip |
gprs: ipc_gprs_pdp_context_request_set_setup: fix truncated strings

Without that fix, when compiling libsamsung-ipc with
--enable-strict-cflags, we have the following error:

    gprs.c: In function 'ipc_gprs_pdp_context_request_set_setup':
    gprs.c:59:17: error:
        'strncpy' specified bound 32 equals destination size
        [-Werror=stringop-truncation]
       59 | strncpy((char *) data->username, username,
          | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       60 | sizeof(data->username));
          | ~~~~~~~~~~~~~~~~~~~~~~~
    gprs.c:61:17: error:
        'strncpy' specified bound 32 equals destination size
        [-Werror=stringop-truncation]
       61 | strncpy((char *) data->password, password,
          | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       62 | sizeof(data->password));
          | ~~~~~~~~~~~~~~~~~~~~~~~

It comes from the fact that the sizes of the username and password
fields are fixed (to 32) in include/gprs.h:

    struct ipc_gprs_pdp_context_request_set_data {
        unsigned char enable;
        unsigned char cid;
        unsigned char magic1[4];
        unsigned char username[32];
        unsigned char password[32];
        unsigned char unknown[32];
        unsigned char magic2;
    } __attribute__((__packed__));

The issue is that in ipc_gprs_pdp_context_request_set_setup we had the
following code:

    int ipc_gprs_pdp_context_request_set_setup(
        struct ipc_gprs_pdp_context_request_set_data *data,
        unsigned char enable,
        unsigned char cid,
        const char *username,
        const char *password)
    {
        [...]
        strncpy((char *) data->username, username,
                sizeof(data->username));
        strncpy((char *) data->password, password,
                sizeof(data->password));
        [...]
        return 0;
    }

And in the strcpy(3) manual we have:

    The strncpy() function is similar, except that at most n bytes of
    src are copied. Warning: If there is no null byte among the first
    n bytes of src, the string placed in dest will not be
    null-terminated.

So if we have a username and/or password of 32 or more characters, the
copied data will not be null-terminated, hence the warning.

Since the username and password fields are character arrays and not
strings, and since the fields are padded with zeros anyway, we can use
memcpy instead.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'samsung-ipc')
-rw-r--r-- | samsung-ipc/gprs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/samsung-ipc/gprs.c b/samsung-ipc/gprs.c index 64d94f9..c9722e5 100644 --- a/samsung-ipc/gprs.c +++ b/samsung-ipc/gprs.c @@ -56,9 +56,9 @@ int ipc_gprs_pdp_context_request_set_setup( data->magic1[2] = 0x13; data->magic2 = 0x01; - strncpy((char *) data->username, username, + memcpy(data->username, username, sizeof(data->username)); - strncpy((char *) data->password, password, + memcpy(data->password, password, sizeof(data->password)); } |
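Review bot: both new memcpy calls read a fixed sizeof(data->username) / sizeof(data->password) bytes (32) from username and password, which the function signature declares as const char * C strings, so any credential shorter than 31 characters makes memcpy read past the source's terminating NUL. That is an out-of-bounds read on the caller's buffer: whatever follows the string in memory is copied into the username/password fields of the request structure, or the read faults if it crosses into an unmapped page. strncpy did not have this problem because it stops reading at the first NUL and zero-fills the rest of the destination. To keep the fixed-width, non-terminated field semantics without the over-read, bound the copy by the source length, for example memcpy(data->username, username, strnlen(username, sizeof(data->username))), which relies on the structure having been zeroed beforehand (not visible in this hunk, so worth confirming). Alternatively, keep strncpy and mark the two fields with GCC's __attribute__((nonstring)) in include/gprs.h, which is the documented way to tell -Wstringop-truncation that the arrays are intentionally not NUL-terminated.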