[dpdk-dev,v4,02/18] net/nfp: solve buffer overflow
Checks
Commit Message
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In
function ‘nfp_pf_pci_probe’:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3160:
23: error: ‘%s’ directive writing up to 99 bytes into a
region of size 76 [-Werror=format-overflow=]
sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial);
Note fw_buf still has to increase somewhat even after
restricting serial[], since otherwise:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In
function ‘nfp_pf_pci_probe’:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:23:
error: ‘%s’ directive writing up to 99 bytes into a region
of size 76 [-Werror=format-overflow=]
sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
^~
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3262:32:
err = nfp_fw_upload(dev, nsp, card_desc);
~~~~~~~~~
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:2:
note: ‘sprintf’ output between 25 and 124 bytes into a
destination of size 100
sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
Signed-off-by: Andy Green <andy@warmcat.com>
---
drivers/net/nfp/nfp_net.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Andy Green
> Sent: Friday, May 11, 2018 2:45 AM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH v4 02/18] net/nfp: solve buffer overflow
>
> /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In function
> ‘nfp_pf_pci_probe’:
> /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3160:
> 23: error: ‘%s’ directive writing up to 99 bytes into a region of size 76 [-
> Werror=format-overflow=]
> sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial);
>
> Note fw_buf still has to increase somewhat even after restricting serial[], since
> otherwise:
>
> /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In function
> ‘nfp_pf_pci_probe’:
> /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:23:
> error: ‘%s’ directive writing up to 99 bytes into a region of size 76 [-
> Werror=format-overflow=]
> sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
> ^~
> /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3262:32:
> err = nfp_fw_upload(dev, nsp, card_desc);
> ~~~~~~~~~
> /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:2:
> note: ‘sprintf’ output between 25 and 124 bytes into a destination of size 100
> sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
>
> Signed-off-by: Andy Green <andy@warmcat.com>
Missing fixes line and CC stable.
Fixes: 896c265ef954 ("net/nfp: use new CPP interface")
Cc: stable@dpdk.org
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Hi,
> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Friday, May 11, 2018 9:58 AM
> To: 'Andy Green' <andy@warmcat.com>; dev@dpdk.org
> Cc: stable@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH v4 02/18] net/nfp: solve buffer overflow
>
>
>
> > -----Original Message-----
> > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Andy Green
> > Sent: Friday, May 11, 2018 2:45 AM
> > To: dev@dpdk.org
> > Subject: [dpdk-dev] [PATCH v4 02/18] net/nfp: solve buffer overflow
> >
> > /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In function
> > ‘nfp_pf_pci_probe’:
> > /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3160:
> > 23: error: ‘%s’ directive writing up to 99 bytes into a region of size
> > 76 [- Werror=format-overflow=]
> > sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial);
> >
> > Note fw_buf still has to increase somewhat even after restricting
> > serial[], since
> > otherwise:
> >
> > /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In function
> > ‘nfp_pf_pci_probe’:
> > /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:23:
> > error: ‘%s’ directive writing up to 99 bytes into a region of size 76
> > [- Werror=format-overflow=]
> > sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
> > ^~
> > /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3262:32:
> > err = nfp_fw_upload(dev, nsp, card_desc);
> > ~~~~~~~~~
> > /home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:2:
> > note: ‘sprintf’ output between 25 and 124 bytes into a destination of size 100
> > sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
> >
> > Signed-off-by: Andy Green <andy@warmcat.com>
>
> Missing fixes line and CC stable.
>
> Fixes: 896c265ef954 ("net/nfp: use new CPP interface")
> Cc: stable@dpdk.org
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Actually, this does not need to be backported to stable, as it was merged in this release.
Sorry about the noise.
@@ -3144,8 +3144,8 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
struct nfp_cpp *cpp = nsp->cpp;
int fw_f;
char *fw_buf;
- char fw_name[100];
- char serial[100];
+ char fw_name[125];
+ char serial[40];
struct stat file_stat;
off_t fsize, bytes;