Mailing List Archive

Silly code in clamav-0.93.1/shared/cfgparser.c
Hi,

Just auditing the ClamAV code, I see:

289 char *cpy = (char *) calloc(strlen(arg), 1);
290 strncpy(cpy, arg, strlen(arg) - 1);
291 cpy[strlen(arg)-1]='\0';

Ummm... whaaa???

Surely you mean: cpy = strdup(arg);

At the very least, you need to check the return from calloc().

Regards,

David.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: Silly code in clamav-0.93.1/shared/cfgparser.c [ In reply to ]
David F. Skoll wrote:

> Just auditing the ClamAV code, I see:
>
> 289 char *cpy = (char *) calloc(strlen(arg), 1);
> 290 strncpy(cpy, arg, strlen(arg) - 1);
> 291 cpy[strlen(arg)-1]='\0';

> Ummm... whaaa???

> Surely you mean: cpy = strdup(arg);

Oops, followed by: cpy[strlen(arg)-1] = 0;

to chop off the trailing 'm' or 'k'.

Regards,

David.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: Silly code in clamav-0.93.1/shared/cfgparser.c [ In reply to ]
On Thu, 12 Jun 2008 10:35:11 -0400
"David F. Skoll" <dfs@roaringpenguin.com> wrote:

> Surely you mean: cpy = strdup(arg);
>
> At the very least, you need to check the return from calloc().

David,

thanks for spotting this glitch, it's now fixed in SVN. If you find any more
issues like this, please open a bug report in our bugzilla and report them
there.

Thanks,

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Jun 13 02:06:38 CEST 2008
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net