From 362639786d5611b855c47365e62bcaed615dc20a Mon Sep 17 00:00:00 2001 From: elian Date: Fri, 24 May 2024 23:50:04 +0800 Subject: [PATCH] Fix buffer overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When compiling, the following warning message is generated: "warning: ‘strncpy’ writing 1040 bytes into a region of size 1024 overflows the destination" This is because calloc allocates NLMSG_SPACE(MAX_PAYLOAD) space for nlh, which includes the space for the header, so the actual space available for the message is only MAX_PAYLOAD. --- vwifi-tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vwifi-tool.c b/vwifi-tool.c index 4182d43..d889bf4 100644 --- a/vwifi-tool.c +++ b/vwifi-tool.c @@ -92,7 +92,7 @@ bool denylist_send(char *denylist) nlh->nlmsg_pid = getpid(); nlh->nlmsg_flags = 0; - strncpy(NLMSG_DATA(nlh), denylist, NLMSG_SPACE(MAX_PAYLOAD)); + strncpy(NLMSG_DATA(nlh), denylist, MAX_PAYLOAD); struct iovec iov = { .iov_base = (void *) nlh,