From 1536c5beb6e836e86ac8e79ea300b9e0e309b580 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Sat, 23 Apr 2016 07:21:48 +0800 Subject: [PATCH] coverity 160160/160161 test server commanline args strncpy NUL management Just test app argument string handling, it is "HIGH" impact as Coverity says but it's not network-accessible or in the library. Signed-off-by: Andy Green --- test-server/test-client.c | 12 ++++++++---- test-server/test-server.c | 12 ++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/test-server/test-client.c b/test-server/test-client.c index 086d52a3..47b6281f 100644 --- a/test-server/test-client.c +++ b/test-server/test-client.c @@ -383,13 +383,16 @@ int main(int argc, char **argv) deny_mux = 1; break; case 'C': - strncpy(cert_path, optarg, sizeof cert_path); + strncpy(cert_path, optarg, sizeof(cert_path) - 1); + cert_path[sizeof(cert_path) - 1] = '\0'; break; case 'K': - strncpy(key_path, optarg, sizeof key_path); + strncpy(key_path, optarg, sizeof(key_path) - 1); + key_path[sizeof(key_path) - 1] = '\0'; break; case 'A': - strncpy(ca_path, optarg, sizeof ca_path); + strncpy(ca_path, optarg, sizeof(ca_path) - 1); + ca_path[sizeof(ca_path) - 1] = '\0'; break; #if defined(LWS_USE_POLARSSL) #else @@ -397,7 +400,8 @@ int main(int argc, char **argv) #else #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) case 'R': - strncpy(crl_path, optarg, sizeof crl_path); + strncpy(crl_path, optarg, sizeof(crl_path) - 1); + crl_path[sizeof(crl_path) - 1] = '\0'; break; #endif #endif diff --git a/test-server/test-server.c b/test-server/test-server.c index da618ce3..505df01a 100644 --- a/test-server/test-server.c +++ b/test-server/test-server.c @@ -265,13 +265,16 @@ int main(int argc, char **argv) printf("Setting resource path to \"%s\"\n", resource_path); break; case 'C': - strncpy(cert_path, optarg, sizeof cert_path); + strncpy(cert_path, optarg, sizeof(cert_path) - 1); + cert_path[sizeof(cert_path) - 1] = '\0'; break; case 'K': - strncpy(key_path, optarg, sizeof key_path); + strncpy(key_path, optarg, sizeof(key_path) - 1); + key_path[sizeof(key_path) - 1] = '\0'; break; case 'A': - strncpy(ca_path, optarg, sizeof ca_path); + strncpy(ca_path, optarg, sizeof(ca_path) - 1); + ca_path[sizeof(ca_path) - 1] = '\0'; break; #if defined(LWS_OPENSSL_SUPPORT) case 'v': @@ -284,7 +287,8 @@ int main(int argc, char **argv) #else #if defined(LWS_HAVE_SSL_CTX_set1_param) case 'R': - strncpy(crl_path, optarg, sizeof crl_path); + strncpy(crl_path, optarg, sizeof(crl_path) - 1); + crl_path[sizeof(crl_path) - 1] = '\0'; break; #endif #endif