Buffer overflow in fread and strncpy in C++
I'm getting a buffer overflow case from AppScan for the below set of code. I'm not sure what is wrong in it. If someone could suggest a solution, that would be great. The common code is for all the platforms.
#include <cstdio>
#include <cstdlib>
#include <cstring>

void docopy(const char* data, int len); // external function, defined elsewhere

int main()
{
    char* src = NULL;
    char* chenv = getenv("HOME");
    if (chenv == NULL || strlen(chenv) == 0)
        return -1;
    else
    {
        int len = strlen(chenv);
        src = new char[len+1];
        strncpy(src, chenv, len); // AppScan throws buffer overflow
        src[len] = '\0'; // terminator at index len; src[len+1] would be one past the allocation
    }
    FILE* fp;
    char content[4096];
    int len = 0;
    fp = fopen("filename.txt", "r");
    if(fp)
    {
        while( (len = fread(content, sizeof(char), sizeof(content), fp)) > 0) // AppScan throws buffer overflow on content
        {
            docopy(content, len); // External function call.
        }
        fclose(fp);
    }
    delete[] src;
    return 0;
}
Instead of strncpy I tried using strdup() and the issue was solved. But the fread is still having the issue.
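The two flagged patterns rewritten so that every copy has an explicit bound and every chunk carries its own length, added here as an example and not code from the original post. env_value, bounded_copy, read_chunks and count_bytes are hypothetical helper names; count_bytes stands in for the question's external docopy(), and filename.txt is the file name from the question.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Environment value as a std::string: the string owns its length, so there is
// no hand-computed len/len+1 to get wrong. Empty when the variable is unset.
std::string env_value(const char* name) {
    const char* v = std::getenv(name);
    return v == nullptr ? std::string() : std::string(v);
}

// strncpy(dst, src, n) writes no terminator when strlen(src) >= n, which is
// why analysers flag it. This copies at most cap-1 bytes, always terminates
// inside the buffer, and returns the number of bytes copied.
size_t bounded_copy(char* dst, size_t cap, const char* src) {
    if (cap == 0) return 0;
    size_t n = std::strlen(src);
    if (n >= cap) n = cap - 1;      // truncate instead of overflowing
    std::memcpy(dst, src, n);
    dst[n] = '\0';                  // terminator at index n < cap
    return n;
}

// Reads fp in fixed-size chunks and hands each chunk to 'consume' with its
// explicit byte count. The chunk is raw bytes, never NUL-terminated, so
// strlen/strcpy on it would read past the data. Returns total bytes read.
size_t read_chunks(FILE* fp, size_t (*consume)(const char*, size_t)) {
    char buf[4096];
    size_t total = 0, n;
    while ((n = std::fread(buf, 1, sizeof buf, fp)) > 0)
        total += consume(buf, n);
    return total;
}

// Stand-in for the question's external docopy(): just counts the bytes.
size_t count_bytes(const char*, size_t n) { return n; }

int main() {
    char small[8];
    size_t copied = bounded_copy(small, sizeof small, "/home/someuser");
    std::printf("HOME=%s copied=%zu -> \"%s\"\n", env_value("HOME").c_str(), copied, small);
    if (FILE* fp = std::fopen("filename.txt", "rb")) {
        std::printf("bytes=%zu\n", read_chunks(fp, count_bytes));
        std::fclose(fp);
    }
    return 0;
}
```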