rimage: strcpy possible buffer overflow

[plbossart]

This code in pkcs1_5.c is flagged by Coverity as problematic

	if (!image->key_name)
		sprintf(path, "%s/otc_private_key.pem", PEM_KEY_PREFIX);
	else
		strcpy(path, image->key_name);

CID 313456 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
3. fixed_size_dest: You might overrun the 256-character fixed-size string path by copying image->key_name without checking the length.
4. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function

[xiulipan]

@plbossart i will thake #257 and #258.
If Covertiy is some new scan? and how could I re-run to check if this could solve the problem.

[plbossart]

still an issue as of November 2...

[xiulipan]

@plbossart
Waiting for the response about, it seems we did not see similar check from other check tool.

If Covertiy is some new scan? and how could I re-run to check if this could solve the problem.

[tlauda]

@plbossart Please verify with #646.

[jajanusz]

I wonder why tool complained just about 1 line, but it's wrong in 2 places, also here:

sof/rimage/pkcs1_5.c

Line 191 in 4bd543c

strcpy(path, image->key_name);

[tlauda]

@plbossart Could you rescan the project to make sure all the issues are gone?

[michalgrodzicki]

Task is assigned to @xiulipan, He will do next scan.

[xiulipan]

@plbossart @tlauda @plbossart
I will try to run a new round Coverity test on my own machine and to evaluate the possibility to make it into our CI.

[jajanusz]

Going to be closed with #1524 as initial issue will be fixed.
@xiulipan If you are going to plug Coverity to CI you can create new issue.

[xiulipan]

@jajanusz
The Coverity may not be in CI as it would require third party sever to analysis and take long time for result showing. And the result can not be export for sharing, developer may need access to Coverity to review the test result.
Need to figure out a way to test with Coverity.