Properly terminate parsed environment values with '\0'.

The function strncpy() does not guarantee to nul terminate the
destination. In most cases, this cannot be triggered, but it is also
used to parse user environment variables. These are allowed to be longer
than 1023 characters, effectively resulting in an unterminated string.

I've adjusted other places as well, because it won't hurt.

https://bugs.freedesktop.org/show_bug.cgi?id=96677

diff --git a/va/va.c b/va/va.c
index cd88d67..b524fc7 100644 (file)
--- a/va/va.c
+++ b/va/va.c
@@ -74,8 +74,10 @@ int va_parseConfig(char *env, char *env_value)
            continue;
 
         if (strcmp(token, env) == 0) {
-            if (env_value)
+            if (env_value) {
                 strncpy(env_value,value, 1024);
+                env_value[1023] = '\0';
+            }
 
             fclose(fp);
 
@@ -88,8 +90,10 @@ int va_parseConfig(char *env, char *env_value)
     /* no setting in config file, use env setting */
     value = getenv(env);
     if (value) {
-        if (env_value)
+        if (env_value) {
             strncpy(env_value, value, 1024);
+            env_value[1023] = '\0';
+        }
         return 0;
     }
     

diff --git a/va/va_trace.c b/va/va_trace.c
index 96c076c..13fc6d2 100644 (file)
--- a/va/va_trace.c
+++ b/va/va_trace.c
@@ -546,6 +546,7 @@ static int open_tracing_specil_file(
     FILE *fp = NULL;
 
     strncpy(env_value, fn_env, 1024);
+    env_value[1023] = '\0';
     FILE_NAME_SUFFIX(env_value, 1024,
         "ctx-", (unsigned int)ptra_ctx->trace_context);
 
@@ -594,6 +595,7 @@ static int open_tracing_log_file(
         char env_value[1024];
 
         strncpy(env_value, pva_trace->fn_log_env, 1024);
+        env_value[1023] = '\0';
         FILE_NAME_SUFFIX(env_value, 1024,
             "thd-", (unsigned int)thd_id);