Cleanup and sanity-checking of use of strncpy/strcpy (Coverity static analysis)

diff --git a/linux_module/iface-code-inject.c b/linux_module/iface-code-inject.c
index 1262d77..34c3e6a 100644 (file)
--- a/linux_module/iface-code-inject.c
+++ b/linux_module/iface-code-inject.c
@@ -74,7 +74,8 @@ static int vm_tophalf_inject (struct v3_guest * guest, unsigned int cmd, unsigne
 
     /* we have a binary name */
     if (top_arg.is_exec_hooked) {
-        strcpy(top->bin_file, top_arg.bin_file);
+        strncpy(top->bin_file, top_arg.bin_file,256);
+       top->bin_file[255] = 0;
         top->is_exec_hooked = 1;
         DEBUG("top->bin_file is %s\n", top->bin_file);
     } 

diff --git a/linux_module/iface-env-inject.c b/linux_module/iface-env-inject.c
index af8ff6d..af60915 100644 (file)
--- a/linux_module/iface-env-inject.c
+++ b/linux_module/iface-env-inject.c
@@ -68,7 +68,8 @@ static int vm_env_inject (struct v3_guest * guest, unsigned int cmd, unsigned lo
 
     env->num_strings = env_arg.num_strings;
     
-    strcpy(env->bin_name, env_arg.bin_name);
+    strncpy(env->bin_name, env_arg.bin_name, MAX_STRING_LEN);
+    env->bin_name[MAX_STRING_LEN-1] = 0;
     DEBUG("Binary hooked on: %s\n", env->bin_name);
 
     //DEBUG("Palacios: Allocating space for %u env var string ptrs...\n", env->num_strings);

diff --git a/linux_module/iface-file.c b/linux_module/iface-file.c
index e826296..92ed9ff 100644 (file)
--- a/linux_module/iface-file.c
+++ b/linux_module/iface-file.c
@@ -56,6 +56,7 @@ static int mkdir_recursive(const char * path, unsigned short perms) {
     }
 
     memset(tmp_str, 0, strlen(path) + 1);
+    // will terminate tmp_str
     strncpy(tmp_str, path, strlen(path));
 
     dirname_ptr = tmp_str;
@@ -226,7 +227,7 @@ static void * palacios_file_open(const char * path, int mode, void * private_dat
        return NULL;
     }
 
-    pfile->path = palacios_alloc(strlen(path));
+    pfile->path = palacios_alloc(strlen(path) + 1);
     
     if (!pfile->path) { 
        ERROR("Cannot allocate in file open\n");
@@ -234,7 +235,7 @@ static void * palacios_file_open(const char * path, int mode, void * private_dat
        palacios_free(pfile);
        return NULL;
     }
-    strncpy(pfile->path, path, strlen(path));
+    strncpy(pfile->path, path, strlen(path)); // will terminate pfile->path
     pfile->guest = guest;
     
     palacios_spinlock_init(&(pfile->lock));

diff --git a/linux_module/iface-host-dev.c b/linux_module/iface-host-dev.c
index c9c586e..c8f8f60 100644 (file)
--- a/linux_module/iface-host-dev.c
+++ b/linux_module/iface-host-dev.c
@@ -785,6 +785,7 @@ static v3_host_dev_t palacios_host_dev_open_deferred(char *url,
     memset(dev,0,sizeof(struct palacios_host_device_user));
     
     strncpy(dev->url,url,MAX_URL);
+    dev->url[MAX_URL-1] = 0;
     
     dev->guestdev = gdev;
     

diff --git a/linux_module/iface-host-pci.c b/linux_module/iface-host-pci.c
index 48097d8..9eb3a9a 100644 (file)
--- a/linux_module/iface-host-pci.c
+++ b/linux_module/iface-host-pci.c
@@ -184,6 +184,7 @@ static int register_pci_hw_dev(unsigned int cmd, unsigned long arg) {
 
     
     strncpy(host_dev->name, hw_dev_arg.name, 128);
+    host_dev->name[127] = 0;
     host_dev->v3_dev.host_data = host_dev;
     
 

diff --git a/linux_module/iface-keyed-stream.c b/linux_module/iface-keyed-stream.c
index 5bce431..365a9c7 100644 (file)
--- a/linux_module/iface-keyed-stream.c
+++ b/linux_module/iface-keyed-stream.c
@@ -310,7 +310,7 @@ static v3_keyed_stream_t open_stream_mem(char *url,
                    return 0;
                }
 
-               strcpy(mykey,url+4);
+               strcpy(mykey,url+4); // will fit
                
                mks = (struct mem_keyed_stream *) palacios_alloc(sizeof(struct mem_keyed_stream));
 
@@ -382,7 +382,7 @@ static v3_keyed_stream_key_t open_key_mem(v3_keyed_stream_t stream,
            return 0;
        }
 
-       strcpy(mykey,key);
+       strcpy(mykey,key); // will fit
 
        m = create_mem_stream();
        
@@ -431,7 +431,7 @@ static void preallocate_hint_key_mem(v3_keyed_stream_t stream,
            return;
        }
        
-       strcpy(mykey,key);
+       strcpy(mykey,key); // will fit
        
        m = create_mem_stream_internal(size);
        
@@ -684,7 +684,7 @@ static v3_keyed_stream_t open_stream_file(char *url,
        return 0;
     }
     
-    strcpy(fks->path,url+5);
+    strcpy(fks->path,url+5); // will fit
     
     fks->stype=STREAM_FILE;
 
@@ -796,6 +796,7 @@ static v3_keyed_stream_key_t open_key_file(v3_keyed_stream_t stream,
        ERROR("cannot allocate file keyed stream for key %s\n",key);
        return 0;
     }
+    // this sequence will fit and terminate with a zero
     strcpy(path,fks->path);
     strcat(path,"/");
     strcat(path,key);
@@ -2082,7 +2083,7 @@ static v3_keyed_stream_key_t open_key_user(v3_keyed_stream_t stream, char *key)
 
     s->op->type = PALACIOS_KSTREAM_OPEN_KEY;
     s->op->buf_len = len;
-    strncpy(s->op->buf,key,len);
+    strncpy(s->op->buf,key,len); // will terminate buffer
 
     // enter with it locked
     if (do_request_to_response(s,&flags)) { 

diff --git a/linux_module/iface-pstate-ctrl.c b/linux_module/iface-pstate-ctrl.c
index 2864ea0..9b3e4bb 100644 (file)
--- a/linux_module/iface-pstate-ctrl.c
+++ b/linux_module/iface-pstate-ctrl.c
@@ -876,6 +876,7 @@ static int get_current_governor(char **buf, unsigned int cpu)
     }
 
     strncpy(govname, policy->governor->name, MAX_GOV_NAME_LEN);
+    govname[MAX_GOV_NAME_LEN-1] = 0;
 
     get_cpu_var(core_state).linux_governor = govname;
     put_cpu_var(core_state);

diff --git a/linux_module/iface-stream.c b/linux_module/iface-stream.c
index 36c6185..207f5f0 100644 (file)
--- a/linux_module/iface-stream.c
+++ b/linux_module/iface-stream.c
@@ -246,7 +246,8 @@ static void * palacios_stream_open(struct v3_stream * v3_stream, const char * na
     stream->guest = guest;
     stream->connected = 0;
 
-    strncpy(stream->name, name, STREAM_NAME_LEN - 1);
+    strncpy(stream->name, name, STREAM_NAME_LEN);
+    stream->name[STREAM_NAME_LEN-1] = 0;
 
     init_waitqueue_head(&(stream->user_poll_queue));
     palacios_spinlock_init(&(stream->lock));

diff --git a/linux_module/main.c b/linux_module/main.c
index b4c4637..12fa2fe 100644 (file)
--- a/linux_module/main.c
+++ b/linux_module/main.c
@@ -134,7 +134,8 @@ static long v3_dev_ioctl(struct file * filp,
                goto out_err2;
            }      
 
-           strncpy(guest->name, user_image.name, 127);
+           strncpy(guest->name, user_image.name, 128);
+           guest->name[127] = 0;
 
            INIT_LIST_HEAD(&(guest->exts));
 

diff --git a/palacios/src/devices/generic.c b/palacios/src/devices/generic.c
index bf4adc4..23f00ce 100644 (file)
--- a/palacios/src/devices/generic.c
+++ b/palacios/src/devices/generic.c
@@ -691,6 +691,7 @@ static int generic_init(struct v3_vm_info * vm, v3_cfg_tree_t * cfg) {
     
     memset(state, 0, sizeof(struct generic_internal));
     strncpy(state->name,dev_id,MAX_NAME);
+    state->name[MAX_NAME-1] = 0;
 
     if (!forward) { 
        state->forward_type=GENERIC_PHYSICAL;

diff --git a/palacios/src/devices/host_pci.c b/palacios/src/devices/host_pci.c
index b12d3a0..c7dc435 100644 (file)
--- a/palacios/src/devices/host_pci.c
+++ b/palacios/src/devices/host_pci.c
@@ -519,6 +519,7 @@ static int host_pci_init(struct v3_vm_info * vm, v3_cfg_tree_t * cfg) {
     
     state->pci_bus = pci;
     strncpy(state->name, dev_id, 32);
+    state->name[31] = 0;
 
 
     dev = v3_add_device(vm, dev_id, &dev_ops, state);

diff --git a/palacios/src/devices/host_pci_selpriv.c b/palacios/src/devices/host_pci_selpriv.c
index 1af5e86..ab84b50 100644 (file)
--- a/palacios/src/devices/host_pci_selpriv.c
+++ b/palacios/src/devices/host_pci_selpriv.c
@@ -958,6 +958,7 @@ static int host_pci_init(struct v3_vm_info * vm, v3_cfg_tree_t * cfg) {
     
     state->pci_bus = pci;
     strncpy(state->name, dev_id, 32);
+    state->name[31] = 0;
 
 
     dev = v3_add_device(vm, dev_id, &dev_ops, state);

diff --git a/palacios/src/devices/ide.c b/palacios/src/devices/ide.c
index e9a0dd1..bc42ea8 100644 (file)
--- a/palacios/src/devices/ide.c
+++ b/palacios/src/devices/ide.c
@@ -1990,7 +1990,8 @@ static int connect_fn(struct v3_vm_info * vm,
     }
 
     if (model_str != NULL) {
-       strncpy(drive->model, model_str, sizeof(drive->model) - 1);
+       strncpy(drive->model, model_str, sizeof(drive->model));
+       drive->model[sizeof(drive->model)-1] = 0;
     }
 
     if (strcasecmp(type_str, "cdrom") == 0) {

diff --git a/palacios/src/devices/netdisk.c b/palacios/src/devices/netdisk.c
index 403d9d5..8e0ec7f 100644 (file)
--- a/palacios/src/devices/netdisk.c
+++ b/palacios/src/devices/netdisk.c
@@ -291,6 +291,7 @@ static int disk_init(struct v3_vm_info * vm, v3_cfg_tree_t * cfg) {
     PrintDebug(vm, VCORE_NONE, "Registering Net disk at %s:%s disk=%s\n", ip_str, port_str, disk_tag);
 
     strncpy(disk->disk_name, disk_tag, sizeof(disk->disk_name));
+    disk->disk_name[sizeof(disk->disk_name)-1] = 0;
     disk->ip_addr = v3_inet_addr(ip_str);
     disk->port = atoi(port_str);
     disk->vm = vm;

diff --git a/palacios/src/devices/pci.c b/palacios/src/devices/pci.c
index 6583fb0..ab14422 100644 (file)
--- a/palacios/src/devices/pci.c
+++ b/palacios/src/devices/pci.c
@@ -1637,6 +1637,7 @@ struct pci_device * v3_pci_register_device(struct vm_device * pci,
     pci_dev->fn_num = fn_num;
 
     strncpy(pci_dev->name, name, sizeof(pci_dev->name));
+    pci_dev->name[sizeof(pci_dev->name)-1] = 0;
     pci_dev->vm = pci->vm;
     pci_dev->priv_data = priv_data;
 

diff --git a/palacios/src/devices/pci_front.c b/palacios/src/devices/pci_front.c
index 08d03fe..868a3ab 100644 (file)
--- a/palacios/src/devices/pci_front.c
+++ b/palacios/src/devices/pci_front.c
@@ -1019,6 +1019,7 @@ static int pci_front_init(struct v3_vm_info * vm, v3_cfg_tree_t * cfg)
     
     state->pci_bus = bus;
     strncpy(state->name, dev_id, 32);
+    state->name[31] = 0;
     
     if (!(dev = v3_add_device(vm, dev_id, &dev_ops, state))) { 
        PrintError(vm, VCORE_NONE, "pci_front (%s): unable to add device\n",state->name);

diff --git a/palacios/src/devices/pci_passthrough.c b/palacios/src/devices/pci_passthrough.c
index dda9c80..5792535 100644 (file)
--- a/palacios/src/devices/pci_passthrough.c
+++ b/palacios/src/devices/pci_passthrough.c
@@ -793,6 +793,7 @@ static int passthrough_init(struct v3_vm_info * vm, v3_cfg_tree_t * cfg) {
     
     state->pci_bus = pci;
     strncpy(state->name, dev_id, 32);
+    state->name[31] = 0 ;
 
 
     dev = v3_add_device(vm, dev_id, &dev_ops, state);

diff --git a/palacios/src/extensions/ext_inspector.c b/palacios/src/extensions/ext_inspector.c
index 18e6a9c..db12f05 100644 (file)
--- a/palacios/src/extensions/ext_inspector.c
+++ b/palacios/src/extensions/ext_inspector.c
@@ -47,6 +47,7 @@ static int init_inspector(struct v3_vm_info * vm, v3_cfg_tree_t * cfg, void ** p
     memset(state, 0, sizeof(struct v3_inspector_state));
 
     strncpy(state->state_tree.name, "vm->name", 50);
+    state->state_tree.name[49] = 0;
     state->state_tree.subtree = 1;
 
     *priv_data = state;

diff --git a/palacios/src/gears/ext_process_environment.c b/palacios/src/gears/ext_process_environment.c
index ce2f135..3fcfb7b 100644 (file)
--- a/palacios/src/gears/ext_process_environment.c
+++ b/palacios/src/gears/ext_process_environment.c
@@ -238,7 +238,9 @@ static int v3_copy_chunk_vmm32(struct guest_info * core, const char ** argstrs,
         var_dump.argv[i] = tmpstr; 
 
         /* copy the string */
+       // this is guaranteed to alwys null terminate tmpstr
         strncpy(tmpstr, (char*)argvn, strlen((char*)argvn) + 1);
+
         i++;
         cursor += 4;
         bytes += strlen((char*)argvn) + 1;
@@ -254,6 +256,7 @@ static int v3_copy_chunk_vmm32(struct guest_info * core, const char ** argstrs,
            return -1;
        }
 
+       // will always null-terminate tmpstr
         strncpy(tmpstr, argstrs[i], strlen(argstrs[j]) + 1);
         var_dump.argv[i] = tmpstr;
         bytes += strlen(argstrs[j]) + 1;
@@ -304,6 +307,7 @@ static int v3_copy_chunk_vmm32(struct guest_info * core, const char ** argstrs,
         var_dump.envp[i] = tmpstr;
 
         /* deepcopy the string */
+       // will always null-terminate tmpstr
         strncpy(tmpstr, (char*)envpn, strlen((char*)envpn) + 1);
         i++;    
         cursor += 4;
@@ -319,7 +323,7 @@ static int v3_copy_chunk_vmm32(struct guest_info * core, const char ** argstrs,
            PrintError(core->vm_info, core, "Cannot allocate temp string\n");
            return -1;
        }
-
+       // will always null-terminate tmpstr
         strncpy(tmpstr, envstrs[j], strlen(envstrs[j]) + 1);
         var_dump.envp[i] = tmpstr;
         bytes += strlen(envstrs[j]) + 1;
@@ -516,6 +520,7 @@ static int v3_copy_chunk_vmm64(struct guest_info * core, const char ** argstrs,
         var_dump.argv[i] = tmpstr; 
 
         /* copy the string */
+       // will always null-terminate tmpstr
         strncpy(tmpstr, (char*)argvn, strlen((char*)argvn) + 1);
         i++;
         cursor += 8;
@@ -532,6 +537,7 @@ static int v3_copy_chunk_vmm64(struct guest_info * core, const char ** argstrs,
            return -1;
        }
 
+       // will always null-terminate tmpstr
         strncpy(tmpstr, argstrs[j], strlen(argstrs[j]) + 1);
         var_dump.argv[i] = tmpstr;
         bytes += strlen(argstrs[j]) + 1;
@@ -583,6 +589,7 @@ static int v3_copy_chunk_vmm64(struct guest_info * core, const char ** argstrs,
         var_dump.envp[i] = tmpstr;
 
         /* deepcopy the string */
+       // will always null-terminate tmpstr
         strncpy(tmpstr, (char*)envpn, strlen((char*)envpn) + 1);
         i++;    
         cursor += 8;
@@ -598,7 +605,7 @@ static int v3_copy_chunk_vmm64(struct guest_info * core, const char ** argstrs,
            PrintError(core->vm_info, core, "Cannot allocate temp string\n");
            return -1;
        }
-
+       // will always null-terminate tmpstr
         strncpy(tmpstr, envstrs[i], strlen(envstrs[j]) + 1);
         var_dump.envp[i] = tmpstr;
         bytes += strlen(envstrs[j]) + 1;

diff --git a/palacios/src/palacios/vmm.c b/palacios/src/palacios/vmm.c
index 57d567b..89b0173 100644 (file)
--- a/palacios/src/palacios/vmm.c
+++ b/palacios/src/palacios/vmm.c
@@ -339,7 +339,9 @@ struct v3_vm_info * v3_create_vm(void * cfg, void * priv_data, char * name, unsi
     }
 
     memset(vm->name, 0, 128);
-    strncpy(vm->name, name, 127);
+    strncpy(vm->name, name, 128);
+    vm->name[127] = 0;
+    
 
     if(v3_cpu_mapper_register_vm(vm) == -1) {
 

diff --git a/palacios/src/palacios/vmm_config.c b/palacios/src/palacios/vmm_config.c
index 7897f3e..9e73d11 100644 (file)
--- a/palacios/src/palacios/vmm_config.c
+++ b/palacios/src/palacios/vmm_config.c
@@ -229,6 +229,7 @@ static struct v3_config * parse_config(void * cfg_blob) {
        V3_Print(VM_NONE, VCORE_NONE, "File index=%d id=%s\n", idx, id);
 
        strncpy(file->tag, id, V3_MAX_TAG_LEN);
+       file->tag[V3_MAX_TAG_LEN-1] = 0 ;
 
        if (version==0) { 
            struct file_hdr_v0 * hdr = &(files_v0->hdrs[idx]);

diff --git a/palacios/src/palacios/vmm_dev_mgr.c b/palacios/src/palacios/vmm_dev_mgr.c
index 0904ea1..45cb8d1 100644 (file)
--- a/palacios/src/palacios/vmm_dev_mgr.c
+++ b/palacios/src/palacios/vmm_dev_mgr.c
@@ -172,6 +172,7 @@ int v3_save_vm_devices(struct v3_vm_info * vm, struct v3_chkpt * chkpt) {
     list_for_each_entry(dev, &(mgr->dev_list), dev_link) {
         if (dev->ops->save) {
             strncpy(name_table + tbl_offset, dev->name, V3_MAX_DEVICE_NAME);
+           *(name_table + tbl_offset + V3_MAX_DEVICE_NAME - 1) = 0;
             tbl_offset += V3_MAX_DEVICE_NAME;
             num_saved_devs++;
         }  else {
@@ -558,6 +559,7 @@ struct vm_device * v3_add_device(struct v3_vm_info * vm,
     INIT_LIST_HEAD(&(dev->res_hooks));
 
     strncpy(dev->name, name, 32);
+    dev->name[31] = 0;
     dev->ops = ops;
     dev->private_data = private_data;
 

diff --git a/palacios/src/palacios/vmm_multitree.c b/palacios/src/palacios/vmm_multitree.c
index 06ee0c4..6b9e659 100644 (file)
--- a/palacios/src/palacios/vmm_multitree.c
+++ b/palacios/src/palacios/vmm_multitree.c
@@ -67,6 +67,7 @@ struct v3_mtree * v3_mtree_create_node(struct v3_mtree * root, char * name) {
 
     memset(node, 0, sizeof(struct v3_mtree));
     strncpy(node->name, name, V3_MTREE_NAME_LEN);
+    node->name[V3_MTREE_NAME_LEN-1] = 0;
 
     if ((ret = __insert_mtree_node(root, node))) {
        PrintError(VM_NONE, VCORE_NONE, "Insertion failure\n");

diff --git a/palacios/src/palacios/vmm_symmod.c b/palacios/src/palacios/vmm_symmod.c
index 82d2f35..1cb2033 100644 (file)
--- a/palacios/src/palacios/vmm_symmod.c
+++ b/palacios/src/palacios/vmm_symmod.c
@@ -195,6 +195,7 @@ static int symbol_hcall_handler(struct guest_info * core, hcall_id_t hcall_id, v
        }
 
        strncpy(new_symbol->name, sym_name, 256);
+       new_symbol->name[255] = 0;
        new_symbol->linkage = tmp_symbol->value;
 
        list_add(&(new_symbol->sym_node), &(symmod_state->v3_sym_list));