From f2d5d8b575cefb54d641e15fb1b28a0d598fbc83 Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Mon, 29 Nov 2021 18:28:09 +0000 Subject: [PATCH 08/32] common/os/os_win.c: Fix incorrect usage of strncat The wrong buffer size is being used for strncat. Fix this by keeping account of how much space is left and only appending strings if there is enough headroom to avoid a buffer overflow. Signed-off-by: Colin Ian King --- common/os/os_win.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/common/os/os_win.c b/common/os/os_win.c index 09d2ed0..69e24be 100644 --- a/common/os/os_win.c +++ b/common/os/os_win.c @@ -117,6 +117,7 @@ node_cpu_string(node_t *node, char *s1, int size) int i, j, k, l, cpuid_start; int *cpuid_arr; int ncpus; + int s1_len = size; perf_cpu_t *cpus = node_cpus(node); s1[0] = 0; @@ -140,8 +141,7 @@ node_cpu_string(node_t *node, char *s1, int size) cpuid_start = cpuid_arr[0]; if (ncpus == 1) { - (void) snprintf(s2, sizeof (s2), "%d", cpuid_start); - (void) strncat(s1, s2, strlen(s2)); + (void) snprintf(s1, size, "%d", cpuid_start); free(cpuid_arr); return; } @@ -152,6 +152,8 @@ node_cpu_string(node_t *node, char *s1, int size) for (j = 1; j < ncpus; j++) { k++; if (cpuid_arr[j] != cpuid_start + l) { + int s2_len = sizeof(s2); + if (k < ncpus) { if (l == 1) { (void) snprintf(s2, sizeof (s2), "%d ", cpuid_start); 
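Review bot: `s1_len` here (and `s2_len` in the `@@ -152,6 +152,8 @@` hunk) is an `int` that the `@@ -167,20 +169,27 @@` hunk decrements with `strlen()` results, so each `-=` is evaluated in `size_t` and converted back to `int`. The `> 0` tests that guard the appends therefore depend on that out-of-range conversion producing a negative value, which is implementation-defined. Casting at the point of use, `s1_len -= (int)strlen(s2);` and `s2_len -= (int)strlen(s3);`, keeps the arithmetic signed and makes the intent of the counters explicit. The declarations of `s2` and `s3` are outside the visible hunks, so their sizes cannot be checked from here.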
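Review bot: In the `ncpus == 1` path `size` is now passed straight to `snprintf` as the bound, and nothing visible rejects a zero or negative value. `size` is an `int`, so a negative value would become a very large `size_t`, and the context line `s1[0] = 0;` in the first hunk already writes one byte regardless of `size`. A guard before that store, `if (s1 == NULL || size <= 0) return;`, would make the contract explicit. The callers are outside this patch, so whether such a value can actually arrive is not visible here.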
@@ -167,20 +169,27 @@ node_cpu_string(node_t *node, char *s1, int size) (void) snprintf(s2, sizeof (s2), "%d-%d", cpuid_start, cpuid_start + l - 1); } + s2_len -= strlen(s2); (void) snprintf(s3, sizeof (s3), " %d", cpuid_arr[j]); - (void) strncat(s2, s3, strlen(s3)); + s2_len -= strlen(s3); + if (s2_len > 0) + (void) strncat(s2, s3, s2_len); } - (void) strncat(s1, s2, strlen(s2)); + s1_len -= strlen(s2); + if (s1_len > 0) + (void) strncat(s1, s2, s1_len); cpuid_start = cpuid_arr[j]; l = 1; } else { if (k == ncpus) { (void) snprintf(s2, sizeof (s2), "%d-%d", cpuid_start, cpuid_start + l); - (void) strncat(s1, s2, strlen(s2)); + s1_len -= strlen(s2); + if (s1_len > 0) + (void) strncat(s1, s2, s1_len); } else { l++; } -- 2.41.0
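Review bot: The third argument of the new `strncat` calls is the headroom left after the append, since `s1_len`/`s2_len` have already had `strlen(s2)`/`strlen(s3)` subtracted, so it does not bound the copy and the overflow protection rests entirely on the preceding `> 0` test. That is correct as written, because a positive remainder leaves room for the terminating NUL, but it is easy to break in a later edit. I would record it above each check, e.g. `/* s1_len already excludes strlen(s2); > 0 means s2 plus the NUL fits */`. When a test fails the segment is dropped with no signal, and when `s3` is skipped `s2` is still appended to `s1` without it, so a caller can receive a CPU list that is missing entries but looks complete. A function comment stating that the result may be truncated would cover this, and the enclosing loop and function continue outside this hunk.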