#2755 cmpi-syslog: possible buffer overflow, usage of obsolete tmpnam() function

Code_Cleanup
open
nobody
None
providers
5
2015-11-24
2015-11-24
No

Hello,

There's a serious warning during the sblim-cmpi-syslog compilation:

In file included from /usr/include/string.h:638:0,
from util/syslogconfutil.c:23:
In function 'strcpy',
inlined from 'Syslog_Setting_Begin_Enum' at util/syslogconfutil.c:69:11:
/usr/include/bits/string3.h:104:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer [enabled by default]

Suspicious line:
69 strcpy(cc->name, ConfInFile);

  • cc->name is char name[L_tmpnam];
  • ConfInFile is #define ConfInFile "/tmp/tmpsyslogtest.conf"

L_tmpnam expands to an integral expression corresponding to the size needed for an array of char elements to hold the longest file name string possibly generated by tmpnam.

Actual definition is in /usr/include/bits/stdio_lim.h:
24 # define L_tmpnam 20

strlen(ConfInFile) is 23 (> 20).

Note that usage of the tmpnam() function is strongly discouraged anyway.

Attached patch fixes both issues.

1 Attachments
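
An added example, not the attached patch and not the project's code: one way to address both points in the report, by sizing the buffer from the string it holds and creating the file with mkstemp(). The struct `conf_ctl`, the helpers `fits`, `set_name` and `open_temp`, the constant `TICKET_L_TMPNAM` and the template name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define ConfInFile      "/tmp/tmpsyslogtest.conf"   /* from the ticket */
#define TICKET_L_TMPNAM 20                          /* value quoted in the ticket */
#define TMP_TEMPLATE    "/tmp/tmpsyslogtest.XXXXXX" /* assumed mkstemp template */

/* Hypothetical stand-in for the provider's control structure: the buffer is
 * sized from the string it must hold, not from L_tmpnam. */
struct conf_ctl {
    char name[sizeof(TMP_TEMPLATE)];
};

/* 1 if src plus its terminating NUL fits in dst_size bytes, else 0. */
int fits(size_t dst_size, const char *src)
{
    return strlen(src) + 1 <= dst_size;
}

/* Bounded copy: 0 on success, -1 if src would not fit (nothing overflows). */
int set_name(char *dst, size_t dst_size, const char *src)
{
    int n = snprintf(dst, dst_size, "%s", src);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : 0;
}

/* Create the temp file atomically; mkstemp() rewrites the XXXXXX suffix in
 * cc->name and opens with O_EXCL, mode 0600. Returns the fd, or -1. */
int open_temp(struct conf_ctl *cc)
{
    if (set_name(cc->name, sizeof cc->name, TMP_TEMPLATE) != 0)
        return -1;
    return mkstemp(cc->name);
}

int main(void)
{
    struct conf_ctl cc;
    printf("fits in 20 bytes: %d\n", fits(TICKET_L_TMPNAM, ConfInFile));
    int fd = open_temp(&cc);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("created %s\n", cc.name);
    close(fd);
    unlink(cc.name);
    return 0;
}
```
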
