[linux-cifs-client] cifs/sess.c: Buffer access out-of-bounds

Steve French smfrench at gmail.com
Tue Feb 2 08:46:50 MST 2010


On Tue, Feb 2, 2010 at 5:59 AM, d binderman <dcb314 at hotmail.com> wrote:
>
>
> Hello there,
>
> I just ran the sourceforge tool cppcheck over the source code of the
> new Linux kernel 2.6.33-rc6
>
> It said
>
> [./cifs/sess.c:250]: (error) Buffer access out-of-bounds
>
> The source code is
>
>                 strncpy(bcc_ptr, ses->userName, 300);
>
> but
>
>        char userName[MAX_USERNAME_SIZE + 1];
>
> Suggest new code
>
>                 strncpy(bcc_ptr, ses->userName, MAX_USERNAME_SIZE + 1);

Good catch.  I will fix this.

Probably better as:
 strncpy(bcc_ptr, ses->userName, MAX_USERNAME_SIZE);
to keep it null terminated and I will change the similar strnlen for clarity.

But MAX_USERNAME_SIZE is also too small (should be at least 40 bytes -
Windows maximum user name length is 20 characters).

-- 
Thanks,

Steve
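
An added example (not code from this thread or from the kernel tree): one way to copy the fixed-size user name field so the read is bounded by the source field and the write by the destination capacity, plus a measurement of how many destination bytes strncpy writes for a bound of 300 versus MAX_USERNAME_SIZE. The struct session stand-in, copy_username, bytes_touched_by_strncpy and the value 32 for MAX_USERNAME_SIZE are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USERNAME_SIZE 32  /* assumed for this example; not stated in the thread */

struct session {              /* hypothetical stand-in for the CIFS session struct */
    char userName[MAX_USERNAME_SIZE + 1];
};

/* Copy the user name into dst (capacity dst_len bytes). The read is bounded by
 * the source field, the write by dst_len, and dst is always NUL-terminated.
 * Returns the bytes written including the NUL, or 0 if dst has no room. */
size_t copy_username(char *dst, size_t dst_len, const struct session *ses)
{
    const char *nul;
    size_t n;

    if (dst_len == 0)
        return 0;
    /* Length of the name, never scanning past the field (unterminated case). */
    nul = memchr(ses->userName, '\0', MAX_USERNAME_SIZE);
    n = nul ? (size_t)(nul - ses->userName) : MAX_USERNAME_SIZE;
    if (n > dst_len - 1)
        n = dst_len - 1;      /* truncate to fit the destination */
    memcpy(dst, ses->userName, n);
    dst[n] = '\0';
    return n + 1;
}

/* strncpy pads dst with NULs up to the bound, so the bound is also the number
 * of destination bytes written. Counts bytes changed from a 0x55 fill. */
size_t bytes_touched_by_strncpy(const char *src, size_t bound)
{
    char dst[512];            /* bound must not exceed this */
    size_t i, touched = 0;

    memset(dst, 0x55, sizeof(dst));
    strncpy(dst, src, bound);
    for (i = 0; i < sizeof(dst); i++)
        touched += (dst[i] != 0x55);
    return touched;
}

int main(void)
{
    printf("bound 300 -> %zu bytes written\n", bytes_touched_by_strncpy("alice", 300));
    printf("bound %d  -> %zu bytes written\n", MAX_USERNAME_SIZE,
           bytes_touched_by_strncpy("alice", MAX_USERNAME_SIZE));
    return 0;
}
```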

