Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
xfsprogs | 1297996 | BAD_SIZEOF | Incorrect expression | With two string literals, "SGI_ACL_FILE" and "SGI_ACL_DEFAULT", the addition of the (unsigned char *) cast resulted in sizeof returning 7 (size of pointer minus one), rather than the length of the string. Subsequent strncmps using these two strings only compared the first 7 chars, which happen to be identical between the two strings. This was only a test branch, not yet in the main branch or in a release, so it was very good to find this problem early. |
728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 |
* fork being emptied and put in shortform format. */ /* * This routine just checks what security needs are for attribute values * only called when root flag is set, otherwise these names could exist in * in user attribute land without a conflict. * If value is non-zero, then a remote attribute is being passed in */ static int valuecheck( struct xfs_mount *mp, char *namevalue, char *value, int namelen, int valuelen) { /* for proper alignment issues, get the structs and memmove the values */ xfs_mac_label_t macl; void *valuep; int clearit = 0; if ((strncmp(namevalue, SGI_ACL_FILE, SGI_ACL_FILE_SIZE) == 0) || (strncmp(namevalue, SGI_ACL_DEFAULT, |
<<< CID 1297996: Incorrect expression BAD_SIZEOF <<< Taking the size of ""SGI_ACL_DEFAULT"", which is the address of an object, is suspicious.
< Did you intend the size of ""SGI_ACL_DEFAULT"" itself?
752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 |
SGI_ACL_DEFAULT_SIZE) == 0)) { if (value == NULL) { valuep = malloc(valuelen); if (!valuep) do_error(_("No memory for ACL check!\n")); memcpy(valuep, namevalue + namelen, valuelen); } else valuep = value; if (xfs_acl_valid(mp, valuep) != 0) { clearit = 1; do_warn( _("entry contains illegal value in attribute named SGI_ACL_FILE " "or SGI_ACL_DEFAULT\n")); } if (valuep != value) free(valuep); } else if (strncmp(namevalue, SGI_MAC_FILE, SGI_MAC_FILE_SIZE) == 0) { if (value == NULL) { memset(&macl, 0, sizeof(xfs_mac_label_t)); memmove(&macl, namevalue+namelen, valuelen); valuep = &macl; } else valuep = value; |
remediation | attr_repair.c:752 | |
bad_sizeof | attr_repair.c:752 |