From dce238da3376ff556e93b892349e5caea4c7c5b5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 2 Jun 2017 16:36:30 -0400
Subject: [PATCH 18/22] sysinfo_get_asset_tag(): get rid of a strncpy() off by
 one error.

Covscan found:

Error: BUFFER_SIZE (CWE-120): [#def39]
libsmbios-2.3.3/src/libsmbios_c/system_info/asset_tag.c:143: buffer_size: Calling strncpy with a source string whose length (13 chars) is greater than or equal to the size argument (13) will fail to null-terminate "assetTag".

In which case the buffer would not be correctly terminated.  This loop
also returns the /first/ zero-length entry instead of trying additional
methods, as the comment at the top implies it should do.

This patch simplifies the loop, and simply returns
strdup(ASSET_TAG_NOT_SPECIFIED) in the case where we find no useful
response.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 src/libsmbios_c/system_info/asset_tag.c | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/src/libsmbios_c/system_info/asset_tag.c b/src/libsmbios_c/system_info/asset_tag.c
index da216b18943..0e865947d41 100644
--- a/src/libsmbios_c/system_info/asset_tag.c
+++ b/src/libsmbios_c/system_info/asset_tag.c
@@ -128,25 +128,20 @@ LIBSMBIOS_C_DLL_SPEC char *sysinfo_get_asset_tag()
         // first function to return non-zero id with strlen()>0 wins.
         assetTag = DellAssetTagFunctions[i].f_ptr ();
         fnprintf("got result: %p\n", assetTag);
-        if (assetTag)
+        if (!assetTag)
+            continue;
+
+        strip_trailing_whitespace(assetTag);
+        if (!strlen(assetTag))
         {
-            strip_trailing_whitespace(assetTag);
-            if (!strlen(assetTag))
-            {
-                fnprintf("string is zero len, returning as not specified\n");
-                /*
-                 * In case one of the function returns an empty string (zero len),
-                 * we would be returning the value "Not Specified" to the caller.
-                 */
-                assetTag = realloc(assetTag, ASSET_TAG_NOT_SPECIFIED_LEN);
-                if (assetTag)
-                    strncpy(assetTag, ASSET_TAG_NOT_SPECIFIED, ASSET_TAG_NOT_SPECIFIED_LEN - 1);
-                goto out;
-            }
+            fnprintf("string is zero len, not using it\n");
+            free(assetTag);
+            assetTag = NULL;
         }
     }
 
-out:
+    if (!assetTag)
+        assetTag = strdup(ASSET_TAG_NOT_SPECIFIED);
     return assetTag;
 }
 
-- 
2.14.3