[v5] drivers: fix possible overflow with strcat

Message ID 1551963385-1234-1-git-send-email-tallurix.chaitanya.babu@intel.com
State Superseded, archived
Delegated to: Ferruh Yigit
Headers show
Series
  • [v5] drivers: fix possible overflow with strcat
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/checkpatch success coding style OK
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/intel-Performance-Testing success Performance Testing PASS

Commit Message

Chaitanya Babu Talluri March 7, 2019, 12:56 p.m.
strcat does not check the destination length and there might be
chances of string overflow so instead of strcat, strlcat is used.

Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
Fixes: 540a211084 ("bnx2x: driver core")
Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
Cc: stable@dpdk.org

Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
---
v5: Removed strcat.
v4: Corrected usage of strlcat.
v3: Instead of strncat, used strlcat.
v2: Instead of strncat, used snprintf.
---
 app/test/test_cryptodev.c      | 3 ++-
 drivers/net/bnx2x/bnx2x.c      | 5 +++--
 drivers/net/i40e/i40e_ethdev.c | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

Comments

Ferruh Yigit March 13, 2019, 6:39 p.m. | #1
On 3/7/2019 12:56 PM, Chaitanya Babu Talluri wrote:
> strcat does not check the destination length and there might be
> chances of string overflow so instead of strcat, strlcat is used.
> 
> Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
> Fixes: 540a211084 ("bnx2x: driver core")
> Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
> ---
> v5: Removed strcat.

You also dropped "drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c" change which was
in v4, intentional?

> v4: Corrected usage of strlcat.
> v3: Instead of strncat, used strlcat.
> v2: Instead of strncat, used snprintf.
> ---
>  app/test/test_cryptodev.c      | 3 ++-

test_cryptodev.c is not driver, also for organizational issues, can you send it
as separate patch?

When it is removed, you can use "drivers/net: ..." in patch title.

>  drivers/net/bnx2x/bnx2x.c      | 5 +++--
>  drivers/net/i40e/i40e_ethdev.c | 4 ++--
>  3 files changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index 32f1893bc..8d5c138a5 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -11,6 +11,7 @@
>  #include <rte_memcpy.h>
>  #include <rte_pause.h>
>  #include <rte_bus_vdev.h>
> +#include <rte_string_fns.h>
>  
>  #include <rte_crypto.h>
>  #include <rte_cryptodev.h>
> @@ -375,7 +376,7 @@ testsuite_setup(void)
>  			snprintf(vdev_args, sizeof(vdev_args),
>  					"%s%d", temp_str, i);
>  			strcpy(temp_str, vdev_args);
> -			strcat(temp_str, ";");
> +			strlcat(temp_str, ";", sizeof(temp_str));
>  			slave_core_count++;
>  			socket_id = lcore_config[i].socket_id;
>  		}
> diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
> index 26b3828e8..ab092e23f 100644
> --- a/drivers/net/bnx2x/bnx2x.c
> +++ b/drivers/net/bnx2x/bnx2x.c
> @@ -25,6 +25,7 @@
>  #include <sys/stat.h>
>  #include <fcntl.h>
>  #include <zlib.h>
> +#include <rte_string_fns.h>
>  
>  #define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
>  #define BNX2X_PMD_VERSION_MAJOR 1
> @@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t flags)
>  
>  	for (i = 0; i < 5; i++)
>  		if (flags & (1 << i)) {
> -			strcat(flag_str, flag[i]);
> +			strlcat(flag_str, flag[i], sizeof(flag_str));
>  			flags ^= (1 << i);
>  		}
>  	if (flags) {
>  		static char unknown[BNX2X_INFO_STR_MAX];
>  		snprintf(unknown, 32, "Unknown flag mask %x", flags);
> -		strcat(flag_str, unknown);
> +		strlcat(flag_str, unknown, sizeof(flag_str));
>  	}
>  	return flag_str;
>  }
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index dca61f03a..9bc9a4390 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
>  			for (n = 0; n < proto_num; n++) {
>  				if (proto[n].proto_id != proto_id)
>  					continue;
> -				strcat(name, proto[n].name);
> -				strcat(name, "_");
> +				strlcat(name, proto[n].name, sizeof(name));
> +				strlcat(name, "_", sizeof(name));
>  				break;
>  			}
>  		}
>

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 32f1893bc..8d5c138a5 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -11,6 +11,7 @@ 
 #include <rte_memcpy.h>
 #include <rte_pause.h>
 #include <rte_bus_vdev.h>
+#include <rte_string_fns.h>
 
 #include <rte_crypto.h>
 #include <rte_cryptodev.h>
@@ -375,7 +376,7 @@  testsuite_setup(void)
 			snprintf(vdev_args, sizeof(vdev_args),
 					"%s%d", temp_str, i);
 			strcpy(temp_str, vdev_args);
-			strcat(temp_str, ";");
+			strlcat(temp_str, ";", sizeof(temp_str));
 			slave_core_count++;
 			socket_id = lcore_config[i].socket_id;
 		}
diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
index 26b3828e8..ab092e23f 100644
--- a/drivers/net/bnx2x/bnx2x.c
+++ b/drivers/net/bnx2x/bnx2x.c
@@ -25,6 +25,7 @@ 
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <zlib.h>
+#include <rte_string_fns.h>
 
 #define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
 #define BNX2X_PMD_VERSION_MAJOR 1
@@ -11741,13 +11742,13 @@  static const char *get_bnx2x_flags(uint32_t flags)
 
 	for (i = 0; i < 5; i++)
 		if (flags & (1 << i)) {
-			strcat(flag_str, flag[i]);
+			strlcat(flag_str, flag[i], sizeof(flag_str));
 			flags ^= (1 << i);
 		}
 	if (flags) {
 		static char unknown[BNX2X_INFO_STR_MAX];
 		snprintf(unknown, 32, "Unknown flag mask %x", flags);
-		strcat(flag_str, unknown);
+		strlcat(flag_str, unknown, sizeof(flag_str));
 	}
 	return flag_str;
 }
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index dca61f03a..9bc9a4390 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -12201,8 +12201,8 @@  i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
 			for (n = 0; n < proto_num; n++) {
 				if (proto[n].proto_id != proto_id)
 					continue;
-				strcat(name, proto[n].name);
-				strcat(name, "_");
+				strlcat(name, proto[n].name, sizeof(name));
+				strlcat(name, "_", sizeof(name));
 				break;
 			}
 		}