blob: 295e08a901f8cb636f1e922be0ee0149464cc79b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From b4bc5c335159b1c272e06dba98e2916e3ecc0462 Mon Sep 17 00:00:00 2001
From: Howitzer105mm <howitzer105mm@noreply.codeberg.org>
Date: Tue, 26 Mar 2024 11:28:16 +0000
Subject: [PATCH] open: Eliminate buffer overrun (#24)
clangd reports a buffer overrun issue in `open` interface.
The sprintf() used to fill ipmi_devfs2 requires 17 bytes to store the
null terminated string. The character buffer is only 16 bytes in
length.
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
Reviewed-on: https://codeberg.org/IPMITool/ipmitool/pulls/24
Reviewed-by: Alexander Amelkin <alexander@amelkin.msk.ru>
Co-authored-by: Howitzer105mm <howitzer105mm@noreply.codeberg.org>
Co-committed-by: Howitzer105mm <howitzer105mm@noreply.codeberg.org>
Forwarded: not-needed
Applied-Upstream: https://codeberg.org/IPMITool/ipmitool/commit/b4bc5c335159b1c272e06dba98e2916e3ecc0462
---
src/plugins/open/open.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/plugins/open/open.c b/src/plugins/open/open.c
index 39c8ea2..88cb6c3 100644
--- a/src/plugins/open/open.c
+++ b/src/plugins/open/open.c
@@ -94,7 +94,7 @@ ipmi_openipmi_open(struct ipmi_intf *intf)
{
char ipmi_dev[16];
char ipmi_devfs[16];
- char ipmi_devfs2[16];
+ char ipmi_devfs2[17];
int devnum = 0;
devnum = intf->devnum;
|
