-
-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use target size limit in strncpy() in adapter.c. #1
Use target size limit in strncpy() in adapter.c. #1
Conversation
This fixes the following compiler warnings and potentially avoid a buffer overflow: adapter.c: In function ‘getAdapterConfig3’: adapter.c:510:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess] 510 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name)); | ^ adapter.c: In function ‘getAdapterConfig5’: adapter.c:668:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess] 668 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name)); | ^
This package has been requested for Debian https://bugs.debian.org/1065322 . Are you still maintaining the software package? |
I developed the package only on the equipment I had and on which I noticed problems with its operation. |
[Mieczyslaw Nalewaj]
I developed the package only on the equipment I had and on which I
noticed problems with its operation.
OK. Does this mean you are not interested in being upstream for a
Debian package?
It would mean to consider patches outside your equipments direct need.
A Debian maintainer would also need to submit issues upstream, which
will be hard with this github project where issues are disabled.
…--
Happy hacking
Petter Reinholdtsen
|
I enabled https://github.com/namiltd/megactl/issues |
[Mieczyslaw Nalewaj]
Does this mean you are willing to be upstream for this Debian package?
However, it will be difficult for me to check the patches for
equipment that I do not have and cannot check their operation.
Of course. I doubt anyone but Dell got all the controllers available
for testing. :)
Life as a Debian maintainer would be a lot easier if the you made
relases, ie assigned a slowly increasing version number to snapshots of
the source. A simple git tag or github release would work. It make it
easier for the automatic Debian version checking to discover when you
consider the latest set of changes to be ready for larger audience.
…--
Happy hacking
Petter Reinholdtsen
|
I think it should be based on https://github.com/hmage/megactl and post all patches there, including those from my repository. The last version there is 0.4.3-hmage, it's time for 0.4.4. |
[Mieczyslaw Nalewaj]
I think it should be based on https://github.com/hmage/megactl and
post all patches there, including those from my repository. The last
version there is 0.4.3-hmage, it's time for 0.4.4.
I tried sending a patch there to see what happened, but it has so far
been ignored. Only waited a day, so it is no reason to worry, but your
response time is certenly a lot better. :)
I hope you have better luck than me getting patches into the hmage
repository to secure a new release. :)
…--
Happy hacking
Petter Reinholdtsen
|
I did some marketing for the package in
<URL: https://people.skolelinux.org/pere/blog/RAID_status_from_LSI_Megaraid_controllers_using_free_software.html >.
…--
Happy hacking
Petter Reinholdtsen
|
It is also worth mentioning that the application works with phpSysinfo, a package for displaying information about your system, which is also included in Debian. |
Note, I just heard back from Jefferson Ogata, and he stated that he is
willing to hand over the Sourceforge project to someone with access to
machines using megactl.
…--
Happy hacking
Petter Reinholdtsen
|
@petterreinholdtsen I've read your blog post and wasn't able to find a good way to contact you. Anyways, maybe https://hwraid.le-vert.net/ is also worth a look. |
[Steffen Zieger]
@petterreinholdtsen I've read your blog post and wasn't able to find a
good way to contact you.
Aha. My email address show up on searches, at least when I search for
'<name> to from subject email', so it did not occur to me that I was
hard to find.
Anyways, maybe https://hwraid.le-vert.net/ is also worth a look.
Had a look, and it look like a nice resource to link to from the Debian
wiki page.
…--
Happy hacking
Petter Reinholdtsen
|
Mieczyslaw, did you have any luck getting any feedback from
Eugene/hmage?
Would you be interesting in taking over the original upstream project on
sourceforge? I suspect it would be the best distribution point to use
to get as much testing and impact as possible. :)
…--
Happy hacking
Petter Reinholdtsen
|
I have not received any information from Eugene/hmage |
[Mieczyslaw Nalewaj]
I have not received any information from Eugene/hmage
I guess he is busy elsewhere. :/
Speaking of sourceforge, it's not a problem for me.
OK, if/when I get access to the project, I'll add you to the project.
…--
Happy hacking
Petter Reinholdtsen
|
[Petter Reinholdtsen]
> Speaking of sourceforge, it's not a problem for me.
OK, if/when I get access to the project, I'll add you to the project.
No reply from upstream there so far. Would you be willing to tag a new
release while we wait?
…--
Happy hacking
Petter Reinholdtsen
|
Done: https://github.com/namiltd/megactl/releases/tag/v0.4.4 I also turned on Discussions to make communication easier: https://github.com/namiltd/megactl/discussions |
This fixes the following compiler warnings and potentially avoid a buffer overflow:
adapter.c: In function ‘getAdapterConfig3’:
adapter.c:510:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
510 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name));
| ^
adapter.c: In function ‘getAdapterConfig5’:
adapter.c:668:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
668 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name));
| ^