drakenclimber / libcgroup / 20936479223

56%

main: 56%

push

github

api: Fix unsafe call to strncat in cgroup_get_procs() and cgroup_get_threads()

TJH - the text below was autogenerated by Copilot.

In general, when using strncat, the third argument must reflect the
remaining space in the destination buffer minus one byte to keep room
for the terminating NUL. The correct upper bound is therefore
sizeof(dest) - strlen(dest) - 1. This ensures strncat cannot write past
the end of the buffer, even including the terminator it always appends.

For this code, the minimal, behavior-preserving fix is to adjust the
strncat calls that append constant suffixes to cgroup_path.
Specifically:

In cgroup_get_procs, change FILENAME_MAX - strlen(cgroup_path) to
FILENAME_MAX - strlen(cgroup_path) - 1.
In cgroup_get_threads, make the same adjustment.
No other logic needs to change; the functions will still append the same
suffixes, but the maximum number of characters strncat is allowed to
copy will correctly reserve one byte for the NUL terminator. If
cg_build_path already fills nearly the entire buffer, the new limit
prevents overflow and may result in a truncated path; if such truncation
should be handled explicitly, additional error checks on
strlen(cgroup_path) relative to FILENAME_MAX could be added, but that
would go beyond the minimal fix requested.

These changes are all within src/api.c, in the region containing
cgroup_get_procs and cgroup_get_threads, and do not require any new
includes or helper functions.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>

1 of 2 new or added lines in 1 file covered. (50.0%)

5608 of 9975 relevant lines covered (56.22%)

568.63 hits per line