| Summary: | DAHTOOL-00089: dahdi_cfg: Destination buffer too small for snprintf output | ||
| Reporter: | N A (InterLinked) | Labels: | |
| Date Opened: | 2021-10-12 19:59:12 | Date Closed: | |
| Priority: | Minor | Regression? | |
| Status: | Triage/New | Components: | Utilities |
| Versions: | 3.1.0 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | Debian 10, kernel 5.10 | Attachments: | |
| Description: | dahdi_cfg.c: In function ‘are_all_spans_assigned’:
dahdi_cfg.c:153:7: warning: ‘/span_count’ directive output may be truncated writing 11 bytes into a region of size between 0 and 1023 [-Wformat-truncation=] 153 | "%s/span_count", device_path); | ^~~~~~~~~~~ dahdi_cfg.c:152:2: note: ‘snprintf’ output between 12 and 1035 bytes into a destination of size 1023 152 | snprintf(attribute, sizeof(attribute) - 1, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 153 | "%s/span_count", device_path); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The problem here is that the buffer size isn't accounting for the size of "/span_count" as well, which adds 12 characters. The attached patch resolves this issue: https://code.phreaknet.org/asterisk/dahdi/dahdi_cfg.diff | ||
| Comments: | |||