You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by ga...@apache.org on 2017/05/31 16:59:28 UTC
[trafficserver] branch master updated: cid 1375841: Replace strncpy
with memcpy
This is an automated email from the ASF dual-hosted git repository.
gancho pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 9a4aa33 cid 1375841: Replace strncpy with memcpy
9a4aa33 is described below
commit 9a4aa33c713e68dc4c10d60f49f6a4e58d2c11f1
Author: Gancho Tenev <ga...@apache.com>
AuthorDate: Wed May 31 07:09:58 2017 -0700
cid 1375841: Replace strncpy with memcpy
Issue:
CID 1375841 (#1 of 1): Buffer not null terminated (BUFFER_SIZE)
1. buffer_size: Calling strncpy with a source string whose length
(4 chars) is greater than or equal to the size argument (4) will
fail to null-terminate key.
Fix:
The code is correct. The buffer is not meant to be NULL-terminated.
It seems Coverity thinks that since strncpy is used NULL-terminated
buffer is expected. Changing strncpy to memcpy.
Also removing unnecessary #undef
---
plugins/s3_auth/aws_auth_v4.cc | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
index 65c65b9..386bf69 100644
--- a/plugins/s3_auth/aws_auth_v4.cc
+++ b/plugins/s3_auth/aws_auth_v4.cc
@@ -29,7 +29,6 @@
#include <openssl/sha.h> /* SHA(), sha256_Update(), SHA256_Final, etc. */
#include <openssl/hmac.h> /* HMAC() */
-#undef AWS_AUTH_V4_DETAILED_DEBUG_OUTPUT
#ifdef AWS_AUTH_V4_DETAILED_DEBUG_OUTPUT
#include <iostream>
#endif
@@ -565,8 +564,8 @@ getSignature(const char *awsSecret, size_t awsSecretLen, const char *awsRegion,
size_t keyLen = 4 + awsSecretLen;
char key[keyLen];
- strncpy(key, "AWS4", 4);
- strncpy(key + 4, awsSecret, awsSecretLen);
+ memcpy(key, "AWS4", 4);
+ memcpy(key + 4, awsSecret, awsSecretLen);
unsigned int len = signatureLen;
if (HMAC(EVP_sha256(), key, keyLen, (unsigned char *)dateTime, dateTimeLen, dateKey, &dateKeyLen) &&
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].