[asterisk-bugs] [JIRA] (SS7-64) strncpy() is used to potentially truncate a string but doesn't NULL terminate it

Sean Bright (JIRA) noreply at issues.asterisk.org
Fri Aug 27 09:21:33 CDT 2021 

     [ https://issues.asterisk.org/jira/browse/SS7-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Bright updated SS7-64:
---------------------------

    Description: “Hi! I’m the maintainer of the libss7 and libpri packages in Fedora Linux. I’ve been looking at some warnings that appear when libss7 is compiled with -Wstringop-truncation (Fedora usually adds -Werror=stringop-truncation). There are several cases where strncpy() is used to potentially truncate a string, and I suspect the result is expected to be null-terminated—but as the warnings point out, strncpy() does not null-terminate when the input is too long. I was hoping for an opinion from an upstream developer. Full details are at: https://bugzilla.redhat.com/show_bug.cgi?id=1932066. Thanks!"  (was:  “Hi! I’m the maintainer of the libss7 and libpri packages in Fedora Linux. I’ve been looking at some warnings that appear when libss7 is compiled with -Wstringop-truncation (Fedora usually adds -Werror=stringop-truncation). There are several cases where strncpy() is used to potentially truncate a string, and I suspect the result is expected to be null-terminated—but as the w
[06:28:12] <music> arnings point out, strncpy() doe s not null-terminate when the input is too long. I was hoping for an opinion from an upstream developer. Full details are at: https://bugzilla.redhat.com/show_bug.cgi?id=1932066. Thanks!”)

> strncpy() is used to potentially truncate a string but doesn't NULL terminate it
> --------------------------------------------------------------------------------
>
>                 Key: SS7-64
>                 URL: https://issues.asterisk.org/jira/browse/SS7-64
>             Project: LibSS7
>          Issue Type: Bug
>      Security Level: None
>          Components: General
>    Affects Versions: 2.0.0
>            Reporter: George Joseph
>            Assignee: Matthew Fredrickson
>
> “Hi! I’m the maintainer of the libss7 and libpri packages in Fedora Linux. I’ve been looking at some warnings that appear when libss7 is compiled with -Wstringop-truncation (Fedora usually adds -Werror=stringop-truncation). There are several cases where strncpy() is used to potentially truncate a string, and I suspect the result is expected to be null-terminated—but as the warnings point out, strncpy() does not null-terminate when the input is too long. I was hoping for an opinion from an upstream developer. Full details are at: https://bugzilla.redhat.com/show_bug.cgi?id=1932066. Thanks!"



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list