|
 |
05c763 |
From dce238da3376ff556e93b892349e5caea4c7c5b5 Mon Sep 17 00:00:00 2001
|
|
|
05c763 |
From: Peter Jones <pjones@redhat.com>
|
|
|
05c763 |
Date: Fri, 2 Jun 2017 16:36:30 -0400
|
|
|
05c763 |
Subject: [PATCH 18/22] sysinfo_get_asset_tag(): get rid of a strncpy() off by
|
|
|
05c763 |
one error.
|
|
|
05c763 |
|
|
|
05c763 |
Covscan found:
|
|
|
05c763 |
|
|
|
05c763 |
Error: BUFFER_SIZE (CWE-120): [#def39]
|
|
|
05c763 |
libsmbios-2.3.3/src/libsmbios_c/system_info/asset_tag.c:143: buffer_size: Calling strncpy with a source string whose length (13 chars) is greater than or equal to the size argument (13) will fail to null-terminate "assetTag".
|
|
|
05c763 |
|
|
|
05c763 |
In which case the buffer would not be correctly terminated. This loop
|
|
|
05c763 |
also returns the /first/ zero-length entry instead of trying additional
|
|
|
05c763 |
methods, as the comment at the top implies it should do.
|
|
|
05c763 |
|
|
|
05c763 |
This patch simplifies the loop, and simply returns
|
|
|
05c763 |
strdup(ASSET_TAG_NOT_SPECIFIED) in the case where we find no useful
|
|
|
05c763 |
response.
|
|
|
05c763 |
|
|
|
05c763 |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
05c763 |
---
|
|
|
05c763 |
src/libsmbios_c/system_info/asset_tag.c | 25 ++++++++++---------------
|
|
|
05c763 |
1 file changed, 10 insertions(+), 15 deletions(-)
|
|
|
05c763 |
|
|
|
05c763 |
diff --git a/src/libsmbios_c/system_info/asset_tag.c b/src/libsmbios_c/system_info/asset_tag.c
|
|
|
05c763 |
index da216b18943..0e865947d41 100644
|
|
|
05c763 |
--- a/src/libsmbios_c/system_info/asset_tag.c
|
|
|
05c763 |
+++ b/src/libsmbios_c/system_info/asset_tag.c
|
|
|
05c763 |
@@ -128,25 +128,20 @@ LIBSMBIOS_C_DLL_SPEC char *sysinfo_get_asset_tag()
|
|
|
05c763 |
// first function to return non-zero id with strlen()>0 wins.
|
|
|
05c763 |
assetTag = DellAssetTagFunctions[i].f_ptr ();
|
|
|
05c763 |
fnprintf("got result: %p\n", assetTag);
|
|
|
05c763 |
- if (assetTag)
|
|
|
05c763 |
+ if (!assetTag)
|
|
|
05c763 |
+ continue;
|
|
|
05c763 |
+
|
|
|
05c763 |
+ strip_trailing_whitespace(assetTag);
|
|
|
05c763 |
+ if (!strlen(assetTag))
|
|
|
05c763 |
{
|
|
|
05c763 |
- strip_trailing_whitespace(assetTag);
|
|
|
05c763 |
- if (!strlen(assetTag))
|
|
|
05c763 |
- {
|
|
|
05c763 |
- fnprintf("string is zero len, returning as not specified\n");
|
|
|
05c763 |
- /*
|
|
|
05c763 |
- * In case one of the function returns an empty string (zero len),
|
|
|
05c763 |
- * we would be returning the value "Not Specified" to the caller.
|
|
|
05c763 |
- */
|
|
|
05c763 |
- assetTag = realloc(assetTag, ASSET_TAG_NOT_SPECIFIED_LEN);
|
|
|
05c763 |
- if (assetTag)
|
|
|
05c763 |
- strncpy(assetTag, ASSET_TAG_NOT_SPECIFIED, ASSET_TAG_NOT_SPECIFIED_LEN - 1);
|
|
|
05c763 |
- goto out;
|
|
|
05c763 |
- }
|
|
|
05c763 |
+ fnprintf("string is zero len, not using it\n");
|
|
|
05c763 |
+ free(assetTag);
|
|
|
05c763 |
+ assetTag = NULL;
|
|
|
05c763 |
}
|
|
|
05c763 |
}
|
|
|
05c763 |
|
|
|
05c763 |
-out:
|
|
|
05c763 |
+ if (!assetTag)
|
|
|
05c763 |
+ assetTag = strdup(ASSET_TAG_NOT_SPECIFIED);
|
|
|
05c763 |
return assetTag;
|
|
|
05c763 |
}
|
|
|
05c763 |
|
|
|
05c763 |
--
|
|
|
05c763 |
2.14.3
|
|
|
05c763 |
|