Fix nasa#231, to_lab app: strcpy() does not check bound.#232
… to follow best practices of using strncpy.
As the code stands today, strcpy is fine as there is no worry for an overflow. PipeName and ToTlmPipeName's sizes are 16 and the strings being copied into them each have 15 characters plus room for a null terminator.
… such as copying a string from one variable to a local variable, when using the original variable works the same but with fewer steps.
During the cFS Core Framework & Maintenance Code Reviews meeting on 6/11, I brought up this PR and my above comment. Joe suggested that instead of using strcpy or strncpy at all, the code could use some cleanup, as there were unnecessary actions being done. Copying one hard-coded string into a local variable only to use that local variable once was just adding additional unnecessary tasks. The code is now cleaned up.
jphickey
I like this ... its simpler!
Checklist (Please check before submitting)
Describe the contribution
Static analyzer via CodeSonar found two usages of 'strcpy' in the to_lab App. Strcpy() does not check bounds and should be replaced with something that does, like strncpy(). strncpy(dest, src, sizeof(dest)-1);
Note: When using strncpy, it’s safer to pass sizeof(dest) - 1 instead of sizeof(dest) to reserve space for the null terminator and avoid unterminated strings.
Fixes #231
More Info
Code Sonar error: BADFUNC.BO.STRCPY : Use of strcpy
Summary: A use of strcpy() or a similar function (see full list below), which are vulnerable to buffer overflows.
Resolution: Use a function that does bounds checking, such as strncpy(), StrCbCopy(), or StrCchCopy().
The issue seems to be a concern over buffer overflow. The source string being copied over to a destination string could potentially cause issues if, for example, the source string doesn't have a null terminator for some reason. That would mean garbage could potentially be added into the destination string.
Strncpy can add null characters, omit them, and pad them depending on the size you pass.
If the source string is shorter than n, strncpy copies it and pads with null characters until n bytes.
If the source string length is equal to or longer than n, strncpy copies exactly n bytes with NO null terminator.
Because of this, you must always add a terminator yourself when using strncpy for string copying.
Common practice while using strncpy:
strncpy(dest, src, sizeof(dest) - 1); //sizeof()-1 makes sure there will be room for null terminator
dest[sizeof(dest) - 1] = '\0'; //make sure the destination string has a null terminator
Testing performed
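As an added example (not code from this PR or from the to_lab app), the two strncpy cases described in the PR text and the terminate-it-yourself idiom, using a 16-byte buffer like PipeName and constructed sample strings; the helper names are hypothetical:

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..size) contains a '\0', i.e. it is a usable C string. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The idiom from the PR description: copy at most size-1 bytes, then write
 * the terminator explicitly. Returns 1 if src had to be truncated, 0 if it
 * fit, -1 if dest_size is 0 (nothing can be written safely). */
static int bounded_copy(char *dest, size_t dest_size, const char *src)
{
    if (dest_size == 0)
        return -1;
    strncpy(dest, src, dest_size - 1);
    dest[dest_size - 1] = '\0';
    return strlen(src) >= dest_size ? 1 : 0;
}

/* Convenience wrapper: bounded copy into a 16-byte buffer (PipeName's size
 * in the PR discussion); returns the resulting string length. */
static size_t bounded_copy16_len(const char *src)
{
    char dest[16];
    bounded_copy(dest, sizeof dest, src);
    return strlen(dest);
}

/* The failure mode the PR text warns about: strncpy(dest, src, sizeof dest)
 * writes NO terminator when strlen(src) >= sizeof dest. The buffer is
 * poisoned with 'X' first so a missing '\0' is observable. */
static int raw_strncpy_terminated(const char *src)
{
    char dest[16];
    memset(dest, 'X', sizeof dest);
    strncpy(dest, src, sizeof dest);
    return is_terminated(dest, sizeof dest);
}

int main(void)
{
    /* constructed sample names: 15 chars (fits) and 16 chars (does not) */
    printf("15-char src, raw strncpy terminated: %d\n", raw_strncpy_terminated("TO_LAB_CMD_PIPE"));
    printf("16-char src, raw strncpy terminated: %d\n", raw_strncpy_terminated("TO_LAB_CMD_PIPEX"));
    printf("bounded copy of long src -> length %zu\n", bounded_copy16_len("A_MUCH_LONGER_PIPE_NAME"));
    return 0;
}
```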