Use target size limit in strncpy() in adapter.c. #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This fixes the following compiler warnings and potentially avoid a buffer overflow:
adapter.c: In function ‘getAdapterConfig3’:
adapter.c:510:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
510 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name));
| ^
adapter.c: In function ‘getAdapterConfig5’:
adapter.c:668:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
668 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name));
| ^
|
This package has been requested for Debian https://bugs.debian.org/1065322 . Are you still maintaining the software package? |
|
I developed the package only on the equipment I had and on which I noticed problems with its operation. |
|
[Mieczyslaw Nalewaj]
I developed the package only on the equipment I had and on which I
noticed problems with its operation.
OK. Does this mean you are not interested in being upstream for a
Debian package?
It would mean to consider patches outside your equipments direct need.
A Debian maintainer would also need to submit issues upstream, which
will be hard with this github project where issues are disabled.
…--
Happy hacking
Petter Reinholdtsen
|
|
I enabled https://github.com/namiltd/megactl/issues |
|
[Mieczyslaw Nalewaj]
Does this mean you are willing to be upstream for this Debian package?
However, it will be difficult for me to check the patches for
equipment that I do not have and cannot check their operation.
Of course. I doubt anyone but Dell got all the controllers available
for testing. :)
Life as a Debian maintainer would be a lot easier if the you made
relases, ie assigned a slowly increasing version number to snapshots of
the source. A simple git tag or github release would work. It make it
easier for the automatic Debian version checking to discover when you
consider the latest set of changes to be ready for larger audience.
…--
Happy hacking
Petter Reinholdtsen
|
|
I think it should be based on https://github.com/hmage/megactl and post all patches there, including those from my repository. The last version there is 0.4.3-hmage, it's time for 0.4.4. |
|
[Mieczyslaw Nalewaj]
I think it should be based on https://github.com/hmage/megactl and
post all patches there, including those from my repository. The last
version there is 0.4.3-hmage, it's time for 0.4.4.
I tried sending a patch there to see what happened, but it has so far
been ignored. Only waited a day, so it is no reason to worry, but your
response time is certenly a lot better. :)
I hope you have better luck than me getting patches into the hmage
repository to secure a new release. :)
…--
Happy hacking
Petter Reinholdtsen
|
|
I did some marketing for the package in
<URL: https://people.skolelinux.org/pere/blog/RAID_status_from_LSI_Megaraid_controllers_using_free_software.html >.
…--
Happy hacking
Petter Reinholdtsen
|
|
It is also worth mentioning that the application works with phpSysinfo, a package for displaying information about your system, which is also included in Debian. |
|
Note, I just heard back from Jefferson Ogata, and he stated that he is
willing to hand over the Sourceforge project to someone with access to
machines using megactl.
…--
Happy hacking
Petter Reinholdtsen
|
|
@petterreinholdtsen I've read your blog post and wasn't able to find a good way to contact you. Anyways, maybe https://hwraid.le-vert.net/ is also worth a look. |
|
[Steffen Zieger]
@petterreinholdtsen I've read your blog post and wasn't able to find a
good way to contact you.
Aha. My email address show up on searches, at least when I search for
'<name> to from subject email', so it did not occur to me that I was
hard to find.
Anyways, maybe https://hwraid.le-vert.net/ is also worth a look.
Had a look, and it look like a nice resource to link to from the Debian
wiki page.
…--
Happy hacking
Petter Reinholdtsen
|
|
Mieczyslaw, did you have any luck getting any feedback from
Eugene/hmage?
Would you be interesting in taking over the original upstream project on
sourceforge? I suspect it would be the best distribution point to use
to get as much testing and impact as possible. :)
…--
Happy hacking
Petter Reinholdtsen
|
|
I have not received any information from Eugene/hmage |
|
[Mieczyslaw Nalewaj]
I have not received any information from Eugene/hmage
I guess he is busy elsewhere. :/
Speaking of sourceforge, it's not a problem for me.
OK, if/when I get access to the project, I'll add you to the project.
…--
Happy hacking
Petter Reinholdtsen
|
|
[Petter Reinholdtsen]
> Speaking of sourceforge, it's not a problem for me.
OK, if/when I get access to the project, I'll add you to the project.
No reply from upstream there so far. Would you be willing to tag a new
release while we wait?
…--
Happy hacking
Petter Reinholdtsen
|
|
Done: https://github.com/namiltd/megactl/releases/tag/v0.4.4 I also turned on Discussions to make communication easier: https://github.com/namiltd/megactl/discussions |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes the following compiler warnings and potentially avoid a buffer overflow:
adapter.c: In function ‘getAdapterConfig3’:
adapter.c:510:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
510 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name));
| ^
adapter.c: In function ‘getAdapterConfig5’:
adapter.c:668:63: warning: argument to ‘sizeof’ in ‘strncpy’ call is the same expression as the source; did you mean to use the size of the destination? [-Wsizeof-pointer-memaccess]
668 | strncpy (a->product, (char *) pinfo->product_name, sizeof (pinfo->product_name));
| ^