vhost: fix sprintf with snprintf
Checks
Commit Message
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.
Fixes: d7280c9fff ("vhost: support selective datapath")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
---
lib/librte_vhost/vdpa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 2/4/19 8:28 AM, Pallantla Poornima wrote:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
>
> Fixes: d7280c9fff ("vhost: support selective datapath")
> Cc: stable@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> ---
> lib/librte_vhost/vdpa.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Thanks,
Maxime
On Tue, Feb 19, 2019 at 08:59:51PM +0800, Parthasarathy, JananeeX M wrote:
>
> >-----Original Message-----
> >From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Maxime Coquelin
> >Sent: Monday, February 04, 2019 3:02 PM
> >To: Poornima, PallantlaX <pallantlax.poornima@intel.com>; dev@dpdk.org
> >Cc: Pattan, Reshma <reshma.pattan@intel.com>; Bie, Tiwei
> ><tiwei.bie@intel.com>; Wang, Zhihong <zhihong.wang@intel.com>;
> >stable@dpdk.org
> >Subject: Re: [dpdk-dev] [PATCH] vhost: fix sprintf with snprintf
> >
> >
> >
> >On 2/4/19 8:28 AM, Pallantla Poornima wrote:
> >> sprintf function is not secure as it doesn't check the length of string.
> >> More secure function snprintf is used.
> >>
> >> Fixes: d7280c9fff ("vhost: support selective datapath")
> >> Cc: stable@dpdk.org
> >>
> >> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> >> ---
> >> lib/librte_vhost/vdpa.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >
> >Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> >
> >Thanks,
> >Maxime
>
> Request for Ack please if there are no comments
Maxime already did the review. It will be merged in this
release. :) But anyway,
Acked-by: Tiwei Bie <tiwei.bie@intel.com>
Thanks for your contribution.
>
> Thanks
> M.P.Jananee
On 2/4/19 8:28 AM, Pallantla Poornima wrote:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
>
> Fixes: d7280c9fff ("vhost: support selective datapath")
> Cc: stable@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> ---
> lib/librte_vhost/vdpa.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
Applied to dpdk-next-virtio/master.
Thanks,
Maxime
@@ -66,7 +66,7 @@ rte_vdpa_register_device(struct rte_vdpa_dev_addr *addr,
if (i == MAX_VHOST_DEVICE)
return -1;
- sprintf(device_name, "vdpa-dev-%d", i);
+ snprintf(device_name, sizeof(device_name), "vdpa-dev-%d", i);
dev = rte_zmalloc(device_name, sizeof(struct rte_vdpa_device),
RTE_CACHE_LINE_SIZE);
if (!dev)