From 882bcd01b9c7caaa0ef2fe27e67bddc340f8855e Mon Sep 17 00:00:00 2001 From: Dana Robinson <43805+derobins@users.noreply.github.com> Date: Sun, 15 Oct 2023 13:40:19 -0700 Subject: Fix a strncpy call to use dest size not src (#3677) A strncpy call in a path construction call used the size of the src buffer instead of the dest buffer as the limit n. This was switched to use the dest size and properly terminate the string if truncation occurs. --- src/H5system.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/src/H5system.c b/src/H5system.c index 7ff521e..30a89a1 100644 --- a/src/H5system.c +++ b/src/H5system.c @@ -620,7 +620,6 @@ H5_build_extpath(const char *name, char **extpath /*out*/) FUNC_ENTER_NOAPI_NOINIT - /* Sanity check */ assert(name); assert(extpath); @@ -634,8 +633,9 @@ H5_build_extpath(const char *name, char **extpath /*out*/) if (H5_CHECK_ABSOLUTE(name)) { if (NULL == (full_path = (char *)H5MM_strdup(name))) HGOTO_ERROR(H5E_INTERNAL, H5E_NOSPACE, FAIL, "memory allocation failed"); - } /* end if */ - else { /* relative pathname */ + } + else { + /* relative pathname */ char *retcwd; size_t name_len; int drive; @@ -655,12 +655,12 @@ H5_build_extpath(const char *name, char **extpath /*out*/) drive = HDtoupper(name[0]) - 'A' + 1; retcwd = HDgetdcwd(drive, cwdpath, MAX_PATH_LEN); strncpy(new_name, &name[2], name_len); - } /* end if */ - /* - * Windows: name[0] is a '/' or '\' - * Get current drive - * Unix: does not apply - */ + } + /* + * Windows: name[0] is a '/' or '\' + * Get current drive + * Unix: does not apply + */ else if (H5_CHECK_ABS_PATH(name) && (0 != (drive = HDgetdrive()))) { snprintf(cwdpath, MAX_PATH_LEN, "%c:%c", (drive + 'A' - 1), name[0]); retcwd = cwdpath; @@ -670,28 +670,32 @@ H5_build_extpath(const char *name, char **extpath /*out*/) else { retcwd = HDgetcwd(cwdpath, MAX_PATH_LEN); strncpy(new_name, name, name_len); - } /* end if */ + } if (retcwd != NULL) { size_t cwdlen; size_t path_len; - assert(cwdpath); cwdlen = strlen(cwdpath); - assert(cwdlen); - assert(new_name); + if (cwdlen == 0) + HGOTO_ERROR(H5E_INTERNAL, H5E_BADVALUE, FAIL, "cwd length is zero"); path_len = cwdlen + strlen(new_name) + 2; if (NULL == (full_path = (char *)H5MM_malloc(path_len))) HGOTO_ERROR(H5E_INTERNAL, H5E_NOSPACE, FAIL, "memory allocation failed"); - strncpy(full_path, cwdpath, cwdlen + 1); + /* path_len will always be greater than zero, so no check before + * setting the terminal NUL byte of full_path + */ + strncpy(full_path, cwdpath, path_len); + full_path[path_len - 1] = '\0'; + if (!H5_CHECK_DELIMITER(cwdpath[cwdlen - 1])) strncat(full_path, H5_DIR_SEPS, path_len - (cwdlen + 1)); strncat(full_path, new_name, path_len - (cwdlen + 1) - strlen(H5_DIR_SEPS)); - } /* end if */ - } /* end else */ + } + } - /* strip out the last component (the file name itself) from the path */ + /* Strip out the last component (the file name itself) from the path */ if (full_path) { char *ptr = NULL; @@ -699,10 +703,9 @@ H5_build_extpath(const char *name, char **extpath /*out*/) assert(ptr); *++ptr = '\0'; *extpath = full_path; - } /* end if */ + } done: - /* Release resources */ if (cwdpath) H5MM_xfree(cwdpath); if (new_name) -- cgit v0.12