Skip to content
GitLab
Closed (moved) (moved)
Created by teor@teor

CID 1452819: nul-terminated string handling, possibly spurious

Bug introduced by #21003 (moved), copying sponsors and tags.

/src/feature/nodelist/describe.c: 77 in format_node_description()
71       }
72       if (addr32h && has_addr) {
73         memcpy(cp, " and ", 5);
74         cp += 5;
75       }
76       if (has_addr) {
   CID 1452819:    (STRING_NULL)
   Passing unterminated string "cp" to "tor_addr_to_str", which expects a null-terminated string.
77         tor_addr_to_str(cp, addr, TOR_ADDR_BUF_LEN, 1);
78       }
79     
80       return buf;
81     }
82     
/src/feature/nodelist/describe.c: 70 in format_node_description()
64         cp += 4;
65       }
66       if (addr32h) {
67         struct in_addr in;
68         in.s_addr = htonl(addr32h);
69         tor_inet_ntoa(&in, cp, INET_NTOA_BUF_LEN);
   CID 1452819:    (STRING_NULL)
   Passing unterminated string "cp" to "strlen", which expects a null-terminated string.
70         cp += strlen(cp);
71       }
72       if (addr32h && has_addr) {
73         memcpy(cp, " and ", 5);
74         cp += 5;
75       }

I think the best fix for this issue is using strncpy() rather than memcpy().

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information