0001-fix-strncpy-bounds-errors.patch

   1 From d409acef489f9c96cd0566b2427760fda2a57221 Mon Sep 17 00:00:00 2001
   2 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= <glen@delfi.ee>
   3 Date: Sat, 3 Nov 2018 20:53:39 +0200
   4 Subject: [PATCH 1/2] fix strncpy bounds errors
   5
   6 error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
   7 ---
   8  libfetch/http.c |  3 ++-
   9  src/archive.c   | 12 ++++++++----
  10  src/database.c  |  3 ++-
  11  3 files changed, 12 insertions(+), 6 deletions(-)
  12
  13 diff --git a/libfetch/http.c b/libfetch/http.c
  14 index 638c9a8..de43a36 100644
  15 --- a/libfetch/http.c
  16 +++ b/libfetch/http.c
  17 @@ -499,7 +499,8 @@ http_parse_mtime(const char *p, time_t *mtime)
  18         char locale[64], *r;
  19         struct tm tm;
  20
  21 -       strncpy(locale, setlocale(LC_TIME, NULL), sizeof(locale));
  22 +       strncpy(locale, setlocale(LC_TIME, NULL), sizeof(locale) - 1);
  23 +       locale[sizeof(locale) - 1] = '\0';
  24         setlocale(LC_TIME, "C");
  25         r = strptime(p, "%a, %d %b %Y %H:%M:%S GMT", &tm);
  26         /* XXX should add support for date-2 and date-3 */
  27 diff --git a/src/archive.c b/src/archive.c
  28 index f3a66c2..059f3ff 100644
  29 --- a/src/archive.c
  30 +++ b/src/archive.c
  31 @@ -385,11 +385,15 @@ int apk_tar_write_entry(struct apk_ostream *os, const struct apk_file_info *ae,
  32                 else
  33                         return -1;
  34
  35 -               if (ae->name != NULL)
  36 -                       strncpy(buf.name, ae->name, sizeof(buf.name));
  37 +               if (ae->name != NULL) {
  38 +                       strncpy(buf.name, ae->name, sizeof(buf.name) - 1);
  39 +                       buf.name[sizeof(buf.name) - 1] = '\0';
  40 +               }
  41
  42 -               strncpy(buf.uname, ae->uname ?: "root", sizeof(buf.uname));
  43 -               strncpy(buf.gname, ae->gname ?: "root", sizeof(buf.gname));
  44 +               strncpy(buf.uname, ae->uname ?: "root", sizeof(buf.uname) - 1);
  45 +               buf.uname[sizeof(buf.uname) - 1] = '\0';
  46 +               strncpy(buf.gname, ae->gname ?: "root", sizeof(buf.gname) - 1);
  47 +               buf.gname[sizeof(buf.gname) - 1] = '\0';
  48
  49                 PUT_OCTAL(buf.size, ae->size);
  50                 PUT_OCTAL(buf.uid, ae->uid);
  51 diff --git a/src/database.c b/src/database.c
  52 index 91fcedd..92c4793 100644
  53 --- a/src/database.c
  54 +++ b/src/database.c
  55 @@ -2778,7 +2778,8 @@ static int apk_db_unpack_pkg(struct apk_database *db,
  56                 if (!(pkg->repos & db->local_repos))
  57                         need_copy = TRUE;
  58         } else {
  59 -               strncpy(file, pkg->filename, sizeof(file));
  60 +               strncpy(file, pkg->filename, sizeof(file) - 1);
  61 +               file[sizeof(file) - 1] = '\0';
  62                 need_copy = TRUE;
  63         }
  64         if (!apk_db_cache_active(db))
  65 --
  66 2.19.1
  67