#20 store-gen.c:244: Buffer out of bounds ?
Closed: Fixed None Opened 6 years ago by dcb.

I just ran the static analyser "cppcheck" over the source code of certmonger-0.67.
It said:

[store-gen.c:244]: (error) Buffer is accessed out of bounds.

Source code is

    cm_store_timestamp_from_time_for_display(time_t when, char timestamp[21])
        struct tm tm;
        if ((when != 0) && (gmtime_r(&when, &tm) == &tm)) {
            sprintf(timestamp, "%04d-%02d-%02d %02d:%02d:%02d UTC",
                    tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
                    tm.tm_hour, tm.tm_min, tm.tm_sec);
        } else {
            strcpy(timestamp, "19700101000000");

I count 25 chars written into timestamp by the first call
to sprintf. I suggest increasing the 21 in the timestamp declaration to 25
and adjusting the caller of cm_store_timestamp_from_time_for_display
to suit.

Also, the text in the call to strcpy doesn't match the format
in the call to sprintf.

Thanks for catching this. The fix should land in git shortly and in the next release.

This should be fixed in 0.68 and later. Thanks!
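
A bounded version of the formatter reported above, as an added example that is not part of the ticket and is not certmonger's actual fix. The function and macro names are hypothetical, and the fallback string is this example's own choice; it measures the required size with snprintf and refuses to write when the caller's buffer is too small.

```c
#define _POSIX_C_SOURCE 200809L /* for gmtime_r() */
#include <stdio.h>
#include <string.h>
#include <time.h>

/* All names here are hypothetical, chosen for this example. */
#define TS_FMT "%04d-%02d-%02d %02d:%02d:%02d UTC"
#define TS_ARGS(t) (t).tm_year + 1900, (t).tm_mon + 1, (t).tm_mday, \
                   (t).tm_hour, (t).tm_min, (t).tm_sec

/* Bytes TS_FMT needs for `when`, including the NUL; 0 on failure.
 * %04d is a minimum width, so the answer depends on the year. */
size_t ts_display_needed(time_t when)
{
    struct tm tm;
    int n;
    if (gmtime_r(&when, &tm) != &tm)
        return 0;
    n = snprintf(NULL, 0, TS_FMT, TS_ARGS(tm));
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded variant. The caller passes the real buffer size: a parameter
 * declared `char timestamp[21]` is only a pointer, so the 21 is not
 * enforced. Returns 0 on success, -1 if the text does not fit. */
int ts_format_display(time_t when, char *buf, size_t buflen)
{
    struct tm tm;
    int n;
    if (buf == NULL || buflen == 0)
        return -1;
    if (when != 0 && gmtime_r(&when, &tm) == &tm)
        n = snprintf(buf, buflen, TS_FMT, TS_ARGS(tm));
    else /* fallback text is this example's choice, in the same format */
        n = snprintf(buf, buflen, "1970-01-01 00:00:00 UTC");
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0'; /* never hand back a truncated timestamp */
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[21], ok[24];
    time_t when = 1700000000; /* constructed sample time */
    printf("needed=%zu small=%d\n", ts_display_needed(when),
           ts_format_display(when, small, sizeof small));
    printf("ok=%d\n", ts_format_display(when, ok, sizeof ok));
    return 0;
}
```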

Metadata Update from @nalin:
- Issue assigned to nalin

3 years ago
