Ensure received data is nul terminated, found by Coverity Scan

Coverity found two possible untrusted loop bounds, in unix_cb() and inet_cb(), that were indeed possibly unterminated strings. These were classified as medium. A third finding, marked high, was found in kernel_cb(), which upon further investigation seems bogus. This patch terminates the buffers received in unix_cb() and inet_cb() but only changes to 0 from \0 termination in kernel_cb(). Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
2021-05-06 09:42:45 +02:00 · 2021-05-06 09:42:45 +02:00 · 52fc3f7176
commit 52fc3f7176
parent 65ceec1171
1 changed files with 4 additions and 2 deletions
--- a/src/syslogd.c
+++ b/src/syslogd.c
@ -521,7 +521,7 @@ static void kernel_cb(int fd, void *arg)
 	for (;;) {
 		i = read(fd, line + len, MAXLINE - 1 - len);
 		if (i > 0) {
-			line[i + len] = '\0';
+			line[i + len] = 0;
 		} else {
 			if (i < 0) {
 				switch (errno) {
@ -543,7 +543,7 @@ static void kernel_cb(int fd, void *arg)
 		}

 		for (p = line; (q = strchr(p, '\n')) != NULL; p = q + 1) {
-			*q = '\0';
+			*q = 0;
 			printsys(p);
 		}
 		len = strlen(p);
@ -586,6 +586,7 @@ static void unix_cb(int sd, void *arg)
 			ERR("UNIX recv()");
 		return;
 	}
+	msg[msglen] = 0;

 	parsemsg(LocalHostName, msg);
 }
@ -656,6 +657,7 @@ static void inet_cb(int sd, void *arg)
 			ERR("INET recvfrom()");
 		return;
 	}
+	msg[len] = 0;

 	hname = cvthname((struct sockaddr *)&ss, sslen);
 	unmapped(sa);