vhost: fix sprintf with snprintf

Message ID 1549265286-6217-1-git-send-email-pallantlax.poornima@intel.com
State Accepted
Delegated to: Maxime Coquelin
Headers show
Series
  • vhost: fix sprintf with snprintf
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/intel-Performance-Testing success Performance Testing PASS
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/checkpatch success coding style OK

Commit Message

Pallantla Poornima Feb. 4, 2019, 7:28 a.m.
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.

Fixes: d7280c9fff ("vhost: support selective datapath")
Cc: stable@dpdk.org

Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
---
 lib/librte_vhost/vdpa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Maxime Coquelin Feb. 4, 2019, 9:32 a.m. | #1
On 2/4/19 8:28 AM, Pallantla Poornima wrote:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
> 
> Fixes: d7280c9fff ("vhost: support selective datapath")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> ---
>   lib/librte_vhost/vdpa.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 

Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Thanks,
Maxime
Tiwei Bie Feb. 20, 2019, 2:20 a.m. | #2
On Tue, Feb 19, 2019 at 08:59:51PM +0800, Parthasarathy, JananeeX M wrote:
> 
> >-----Original Message-----
> >From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Maxime Coquelin
> >Sent: Monday, February 04, 2019 3:02 PM
> >To: Poornima, PallantlaX <pallantlax.poornima@intel.com>; dev@dpdk.org
> >Cc: Pattan, Reshma <reshma.pattan@intel.com>; Bie, Tiwei
> ><tiwei.bie@intel.com>; Wang, Zhihong <zhihong.wang@intel.com>;
> >stable@dpdk.org
> >Subject: Re: [dpdk-dev] [PATCH] vhost: fix sprintf with snprintf
> >
> >
> >
> >On 2/4/19 8:28 AM, Pallantla Poornima wrote:
> >> sprintf function is not secure as it doesn't check the length of string.
> >> More secure function snprintf is used.
> >>
> >> Fixes: d7280c9fff ("vhost: support selective datapath")
> >> Cc: stable@dpdk.org
> >>
> >> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> >> ---
> >>   lib/librte_vhost/vdpa.c | 2 +-
> >>   1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >
> >Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> >
> >Thanks,
> >Maxime
> 
> Request for Ack please if there are no comments

Maxime already did the review. It will be merged in this
release. :) But anyway,

Acked-by: Tiwei Bie <tiwei.bie@intel.com>

Thanks for your contribution.

> 
> Thanks
> M.P.Jananee
Maxime Coquelin Feb. 21, 2019, 6:16 p.m. | #3
On 2/4/19 8:28 AM, Pallantla Poornima wrote:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
> 
> Fixes: d7280c9fff ("vhost: support selective datapath")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> ---
>   lib/librte_vhost/vdpa.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 

Applied to dpdk-next-virtio/master.

Thanks,
Maxime

Patch

diff --git a/lib/librte_vhost/vdpa.c b/lib/librte_vhost/vdpa.c
index 02083bb8a..fcc2c73a3 100644
--- a/lib/librte_vhost/vdpa.c
+++ b/lib/librte_vhost/vdpa.c
@@ -66,7 +66,7 @@  rte_vdpa_register_device(struct rte_vdpa_dev_addr *addr,
 	if (i == MAX_VHOST_DEVICE)
 		return -1;
 
-	sprintf(device_name, "vdpa-dev-%d", i);
+	snprintf(device_name, sizeof(device_name), "vdpa-dev-%d", i);
 	dev = rte_zmalloc(device_name, sizeof(struct rte_vdpa_device),
 			RTE_CACHE_LINE_SIZE);
 	if (!dev)