[libndp/f20] Fix bug truncating DNSSL domains (rh #1091720) (rh #1044084)

Daniel Williams dcbw at fedoraproject.org
Fri May 16 19:54:20 UTC 2014


commit c1a3c2af9687092840ddd265904ea326b3a9bfb1
Author: Dan Williams <dcbw at redhat.com>
Date:   Fri May 16 14:53:37 2014 -0500

    Fix bug truncating DNSSL domains (rh #1091720) (rh #1044084)

 ...cppcheck-Undefined-behavior-Variable-buf-.patch |   41 ++++++++++++++++++++
 libndp.spec                                        |    8 +++-
 2 files changed, 48 insertions(+), 1 deletions(-)
---
diff --git a/0001-libndp-fix-cppcheck-Undefined-behavior-Variable-buf-.patch b/0001-libndp-fix-cppcheck-Undefined-behavior-Variable-buf-.patch
new file mode 100644
index 0000000..8cd0ead
--- /dev/null
+++ b/0001-libndp-fix-cppcheck-Undefined-behavior-Variable-buf-.patch
@@ -0,0 +1,41 @@
+From 4376e752c822444f1a26b5e1e974ddd7104ae15c Mon Sep 17 00:00:00 2001
+From: Jiri Pirko <jiri at resnulli.us>
+Date: Wed, 18 Dec 2013 13:26:49 +0100
+Subject: [patch] libndp: fix [cppcheck] Undefined behavior: Variable 'buf' is
+ used as parameter and destination in s[n]printf()
+
+cppcheck --enable=all --inconclusive --std=posix .
+
+ndp_msg_opt_dnssl_domain():
+			if (dom_len > len)
+				return NULL;
+
+			if (strlen(buf))
+---->				sprintf(buf, "%s.", buf);
+			buf[strlen(buf) + dom_len] = '\0';
+			memcpy(buf + strlen(buf), ptr, dom_len);
+
+So just use strcat instead.
+
+Reported-by: Dan Williams <dcbw at redhat.com>
+Signed-off-by: Jiri Pirko <jiri at resnulli.us>
+---
+ libndp/libndp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libndp/libndp.c b/libndp/libndp.c
+index 0bc3fe3..e510e2e 100644
+--- a/libndp/libndp.c
++++ b/libndp/libndp.c
+@@ -1540,7 +1540,7 @@ char *ndp_msg_opt_dnssl_domain(struct ndp_msg *msg, int offset,
+ 				return NULL;
+ 
+ 			if (strlen(buf))
+-				sprintf(buf, "%s.", buf);
++				strcat(buf, ".");
+ 			buf[strlen(buf) + dom_len] = '\0';
+ 			memcpy(buf + strlen(buf), ptr, dom_len);
+ 			ptr += dom_len;
+-- 
+1.8.4.2
+
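Review bot: In the `ndp_msg_opt_dnssl_domain()` hunk, the new `strcat(buf, ".")` and the writes that follow it (`buf[strlen(buf) + dom_len] = '\0'` and `memcpy(buf + strlen(buf), ptr, dom_len)`) are guarded only by `if (dom_len > len)` in the lines shown. That check bounds the label against the remaining option data, not against the capacity of `buf`. If the function has no such check elsewhere, add one before the `strcat` that verifies `strlen(buf) + 1 + dom_len + 1` fits in `buf` and returns NULL otherwise, since the labels are parsed from an NDP message option. The patch description would also be easier to track if it named the user-visible symptom (truncated DNSSL domains) alongside the cppcheck warning.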
diff --git a/libndp.spec b/libndp.spec
index ef1e556..f1a462d 100644
--- a/libndp.spec
+++ b/libndp.spec
@@ -1,12 +1,14 @@
 Name: libndp
 Version: 1.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Library for Neighbor Discovery Protocol
 Group: System Environment/Libraries
 License: LGPLv2+
 URL: http://www.libndp.org/
 Source: http://www.libndp.org/files/libndp-%{version}.tar.gz
 
+Patch0: 0001-libndp-fix-cppcheck-Undefined-behavior-Variable-buf-.patch
+
 %description
 This package contains a library which provides a wrapper
 for IPv6 Neighbor Discovery Protocol.  It also provides a tool
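Review bot: `Patch0:` is added without a comment on its origin. A one-line comment above it naming the upstream commit (4376e752c822444f1a26b5e1e974ddd7104ae15c, per the patch header) and the bugs it addresses (rh #1091720, rh #1044084) would tell the next packager that the patch can be dropped once the package is rebased past that commit.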
@@ -23,6 +25,7 @@ necessary for developing programs using libndp.
 
 %prep
 %setup -q
+%patch0 -p1 -b .fix_cppcheck_var_buf
 
 %build
 %configure --disable-static
@@ -48,6 +51,9 @@ find $RPM_BUILD_ROOT -name \*.la -delete
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Tue Jan 21 2014 Jiri Pirko <jpirko at redhat.com> - 1.2-2
+- libndp: fix [cppcheck] Undefined behavior: Variable 'buf' is used as parameter and destination in s[n]printf() [1044084] [1091720]
+
 * Tue Oct 15 2013 Jiri Pirko <jpirko at redhat.com> - 1.2-1
 - Update to 1.2
 - libndp: silently ignore packets with optlen 0
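Review bot: The new `%changelog` entry for 1.2-2 is dated Tue Jan 21 2014 and attributed to Jiri Pirko, while this commit is dated Fri May 16 2014 and authored by Dan Williams; if the entry was carried over from another branch, say so in the commit message, otherwise use the date and packager of this build. The entry text also repeats only the cppcheck wording. Adding the symptom from the commit subject (truncated DNSSL domains) would make the fix findable by people reading the changelog of the installed package.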

