From 7924aecf95bf4918a485a041f2426bd1fa407ac8 Mon Sep 17 00:00:00 2001 From: Michael Meffie Date: Fri, 3 Sep 2021 07:05:36 -0400 Subject: [PATCH] ptserver: Fix CreateEntry() stringop-overflow warnings MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The CreateEntry() prototype has been fixed to match the function definition, so callers are expected to provide bounded arrays for the user or group name. Fix the InitialGroup() macro which is used to set the built-in names using string literal to avoid stringop-overflow warnings. error: ‘CreateEntry’ accessing 64 bytes in a region of size 22 [-Werror=stringop-overflow=] code = CreateEntry(tt, (name), &temp, /*idflag*/1, flag, SYSADMINID, SYSADMINID); \ note: in expansion of macro ‘InitialGroup’ InitialGroup(SYSADMINID, "system:administrators"); note: referencing argument 2 of type ‘char *’ note: in a call to function ‘CreateEntry’ CreateEntry(struct ubik_trans *at, char aname[PR_MAXNAMELEN], ... (Repeated for "system:backup", "system:anyuser", "system:authuser", "system:ptsviewers", and "anonymous".) Change-Id: I7a37d4c8e191ffff52c2fdc1ed3783f4c3592b11 Reviewed-on: https://gerrit.openafs.org/14789 Reviewed-by: Benjamin Kaduk Tested-by: Benjamin Kaduk --- src/ptserver/ptutils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/ptserver/ptutils.c b/src/ptserver/ptutils.c index dfa54ee..07fd220 100644 --- a/src/ptserver/ptutils.c +++ b/src/ptserver/ptutils.c @@ -1847,8 +1847,15 @@ Initdb(void) #define InitialGroup(id,name) do { \ afs_int32 temp = (id); \ afs_int32 flag = (id) < 0 ? PRGRP : 0; \ + char tname[PR_MAXNAMELEN]; \ + if (strlcpy(tname, (name), sizeof(tname)) >= sizeof(tname)) { \ + code = PRBADNAM; \ + afs_com_err (whoami, code, "name too long %s", (name)); \ + ubik_AbortTrans(tt); \ + return code; \ + } \ code = CreateEntry \ - (tt, (name), &temp, /*idflag*/1, flag, SYSADMINID, SYSADMINID); \ + (tt, tname, &temp, /*idflag*/1, flag, SYSADMINID, SYSADMINID); \ if (code) { \ afs_com_err (whoami, code, "couldn't create %s with id %di.", \ (name), (id)); \ -- 1.9.4