Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer overflow possibility on command processing from strcpy use and in DS_FileCreateDest w/ bad size to strncpy #46

Closed
2 tasks done
skliper opened this issue Aug 17, 2022 · 0 comments · Fixed by #47
Assignees
Milestone

Comments

@skliper
Copy link
Contributor

skliper commented Aug 17, 2022

Checklist (Please check before submitting)

  • I reviewed the Contributing Guide.
  • I performed a cursory search to see if the bug report is relevant, not redundant, nor in conflict with other tickets.

Describe the bug
Pathname from cmd used in strcpy, could overflow table Pathname if not terminated:

strcpy(pDest->Pathname, DS_DestPathCmd->Pathname);

If DestFile->Pathname isn't null terminated garbage could be added to the Workname which gets copied back to the file name:

strncpy(Workname, DestFile->Pathname, WorknameLen - 1);

To Reproduce
This was actually happening in the test, although the test overflowed the buffer to get this condition:

DS/unit-test/ds_file_tests.c

Lines 1038 to 1042 in 9d0651c

/* Set to fail the condition "if (TotalLength != (WorknameLen - 1))" */
for (i = 0; i < WorknameLen - 1; i++)
{
DS_AppData.DestFileTblPtr->File[FileIndex].Pathname[i] = 'a';
}

Expected behavior
Only copy up to the size of the Pathname.

Code snips
See above

System observed on:
CI

Additional context
None

Reporter Info
Jacob Hageman - NASA/GSFC

@skliper skliper added the bug label Aug 17, 2022
@skliper skliper added this to the Draco milestone Aug 17, 2022
@skliper skliper self-assigned this Aug 17, 2022
skliper added a commit to skliper/DS that referenced this issue Aug 17, 2022
dzbaker added a commit that referenced this issue Aug 25, 2022
Fix #46 #48 #49 #50, Resolve multiple static analysis issues (includes bug fixes) and remove unnecessary UT handlers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants