numatop/0008-common-os-os_win.c-Fix-incorrect-usage-of-strncat.patch

From f2d5d8b575cefb54d641e15fb1b28a0d598fbc83 Mon Sep 17 00:00:00 2001
From: Colin Ian King <colin.i.king@gmail.com>
Date: Mon, 29 Nov 2021 18:28:09 +0000
Subject: [PATCH 08/32] common/os/os_win.c: Fix incorrect usage of strncat

The wrong buffer size is being used for strncat. Fix this by keeping
account of how much space is left and only appending strings if there
is enough headroom to avoid a buffer overflow.

Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
---
 common/os/os_win.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/common/os/os_win.c b/common/os/os_win.c
index 09d2ed0..69e24be 100644
--- a/common/os/os_win.c
+++ b/common/os/os_win.c
@@ -117,6 +117,7 @@ node_cpu_string(node_t *node, char *s1, int size)
 	int i, j, k, l, cpuid_start;
 	int *cpuid_arr;
 	int ncpus;
+	int s1_len = size;
 	perf_cpu_t *cpus = node_cpus(node);
 
 	s1[0] = 0;
@@ -140,8 +141,7 @@ node_cpu_string(node_t *node, char *s1, int size)
 	cpuid_start = cpuid_arr[0];
 
 	if (ncpus == 1) {
-		(void) snprintf(s2, sizeof (s2), "%d", cpuid_start);
-        	(void) strncat(s1, s2, strlen(s2));
+		(void) snprintf(s1, size, "%d", cpuid_start);
         	free(cpuid_arr);
 		return;
 	}
@@ -152,6 +152,8 @@ node_cpu_string(node_t *node, char *s1, int size)
 	for (j = 1; j < ncpus; j++) {
 		k++;
 		if (cpuid_arr[j] != cpuid_start + l) {
+			int s2_len = sizeof(s2);
+
 			if (k < ncpus) {
 				if (l == 1) {
 					(void) snprintf(s2, sizeof (s2), "%d ", cpuid_start);
@@ -167,20 +169,27 @@ node_cpu_string(node_t *node, char *s1, int size)
 					(void) snprintf(s2, sizeof (s2), "%d-%d",
 						cpuid_start, cpuid_start + l - 1);
 				}
+				s2_len -= strlen(s2);
 
 				(void) snprintf(s3, sizeof (s3), " %d",
 					cpuid_arr[j]);
-	        	  	(void) strncat(s2, s3, strlen(s3));
+				s2_len -= strlen(s3);
+				if (s2_len > 0)
+					(void) strncat(s2, s3, s2_len);
 			}
 
-          		(void) strncat(s1, s2, strlen(s2));
+			s1_len -= strlen(s2);
+			if (s1_len > 0)
+				(void) strncat(s1, s2, s1_len);
           		cpuid_start = cpuid_arr[j];
            		l = 1;
 		} else {
 	        	if (k == ncpus) {
         	    		(void) snprintf(s2, sizeof (s2), "%d-%d",
                 			cpuid_start, cpuid_start + l);
-         			(void) strncat(s1, s2, strlen(s2));
+				s1_len -= strlen(s2);
+				if (s1_len > 0)
+					(void) strncat(s1, s2, s1_len);
        			} else {
             			l++;
        			}
-- 
2.41.0
back port Resolves: https://issues.redhat.com/browse/RHEL-24552 Signed-off-by: Pingfan Liu <piliu@redhat.com> 2024-09-19 03:23:10 +00:00			`From f2d5d8b575cefb54d641e15fb1b28a0d598fbc83 Mon Sep 17 00:00:00 2001`
			`From: Colin Ian King <colin.i.king@gmail.com>`
			`Date: Mon, 29 Nov 2021 18:28:09 +0000`
			`Subject: [PATCH 08/32] common/os/os_win.c: Fix incorrect usage of strncat`

			`The wrong buffer size is being used for strncat. Fix this by keeping`
			`account of how much space is left and only appending strings if there`
			`is enough headroom to avoid a buffer overflow.`

			`Signed-off-by: Colin Ian King <colin.i.king@gmail.com>`
			`---`
			`common/os/os_win.c \| 19 ++++++++++++++-----`
			`1 file changed, 14 insertions(+), 5 deletions(-)`

			`diff --git a/common/os/os_win.c b/common/os/os_win.c`
			`index 09d2ed0..69e24be 100644`
			`--- a/common/os/os_win.c`
			`+++ b/common/os/os_win.c`
			`@@ -117,6 +117,7 @@ node_cpu_string(node_t node, char s1, int size)`
			`int i, j, k, l, cpuid_start;`
			`int *cpuid_arr;`
			`int ncpus;`
			`+ int s1_len = size;`
			`perf_cpu_t *cpus = node_cpus(node);`

			`s1[0] = 0;`
			`@@ -140,8 +141,7 @@ node_cpu_string(node_t node, char s1, int size)`
			`cpuid_start = cpuid_arr[0];`

			`if (ncpus == 1) {`
			`- (void) snprintf(s2, sizeof (s2), "%d", cpuid_start);`
			`- (void) strncat(s1, s2, strlen(s2));`
			`+ (void) snprintf(s1, size, "%d", cpuid_start);`
			`free(cpuid_arr);`
			`return;`
			`}`
			`@@ -152,6 +152,8 @@ node_cpu_string(node_t node, char s1, int size)`
			`for (j = 1; j < ncpus; j++) {`
			`k++;`
			`if (cpuid_arr[j] != cpuid_start + l) {`
			`+ int s2_len = sizeof(s2);`
			`+`
			`if (k < ncpus) {`
			`if (l == 1) {`
			`(void) snprintf(s2, sizeof (s2), "%d ", cpuid_start);`
			`@@ -167,20 +169,27 @@ node_cpu_string(node_t node, char s1, int size)`
			`(void) snprintf(s2, sizeof (s2), "%d-%d",`
			`cpuid_start, cpuid_start + l - 1);`
			`}`
			`+ s2_len -= strlen(s2);`

			`(void) snprintf(s3, sizeof (s3), " %d",`
			`cpuid_arr[j]);`
			`- (void) strncat(s2, s3, strlen(s3));`
			`+ s2_len -= strlen(s3);`
			`+ if (s2_len > 0)`
			`+ (void) strncat(s2, s3, s2_len);`
			`}`

			`- (void) strncat(s1, s2, strlen(s2));`
			`+ s1_len -= strlen(s2);`
			`+ if (s1_len > 0)`
			`+ (void) strncat(s1, s2, s1_len);`
			`cpuid_start = cpuid_arr[j];`
			`l = 1;`
			`} else {`
			`if (k == ncpus) {`
			`(void) snprintf(s2, sizeof (s2), "%d-%d",`
			`cpuid_start, cpuid_start + l);`
			`- (void) strncat(s1, s2, strlen(s2));`
			`+ s1_len -= strlen(s2);`
			`+ if (s1_len > 0)`
			`+ (void) strncat(s1, s2, s1_len);`
			`} else {`
			`l++;`
			`}`
			`--`
			`2.41.0`