VxWorks OSAL uses potentially unsafe "strcpy" operations #195
Comments
|
Imported from trac issue 172. Created by jphickey on 2016-07-26T17:07:26, last modified: 2019-08-14T14:11:46 |
|
Trac comment by jphickey on 2019-03-26 08:52:42: This can be added to the pool of "stuff that gets fixed by migrating to NG architecture". After #231 gets merged this should be closed. |
|
Just needs close review to confirm all cases were addressed. |
|
Only remaining concern: os/shared/osapi-printf.c: strcpy(console->device_name, OS_PRINTF_CONSOLE_NAME); Could be defined in osconfig.h, but no check on size seen (quick inspection). |
|
Want me to reassign this one? @jphickey |
|
No, I'll just change that last case to an strncpy instead, as part of the other refactoring I am doing for #285. Any change made separately will likely cause merge woes. Note that the symbol OS_PRINTF_CONSOLE_NAME would be defined in osconfig.h, which the same file as OS_MAX_API_NAME (the actual length limit) is defined. But it doesn't hurt to use strncpy instead of strcpy here just in case the user misconfigures, and its a trivial change in the code. |
|
Closed in #443 |
In at several locations the VxWorks OSAL is using
strcat()andstrcpy()functions to copy strings between string buffers that are sized using different macros.At least one of the sizes in play, the
OS_MAX_PATH_LENcomes from the user-configurable "osconfig.h" file. Other sizes, such asOS_FS_PHYS_NAME_LENare specified in the local headers and are not user-configurable.In some functions, such as
OS_mkfs(but not limited to this), a local buffer of sizeOS_MAX_PATH_LENis copied into a global buffer of sizeOS_FS_PHYS_NAME_LEN.However, because the
OS_MAX_PATH_LENis configurable via the osconfig.h file, it is not guaranteed thatOS_MAX_PATH_LENis less than or equal toOS_FS_PHYS_NAME_LEN.The text was updated successfully, but these errors were encountered: