[v5] drivers: fix possible overflow with strcat
Checks
Commit Message
strcat does not check the destination length and there might be
chances of string overflow so instead of strcat, strlcat is used.
Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
Fixes: 540a211084 ("bnx2x: driver core")
Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
---
v5: Removed strcat.
v4: Corrected usage of strlcat.
v3: Instead of strncat, used strlcat.
v2: Instead of strncat, used snprintf.
---
app/test/test_cryptodev.c | 3 ++-
drivers/net/bnx2x/bnx2x.c | 5 +++--
drivers/net/i40e/i40e_ethdev.c | 4 ++--
3 files changed, 7 insertions(+), 5 deletions(-)
Comments
On 3/7/2019 12:56 PM, Chaitanya Babu Talluri wrote:
> strcat does not check the destination length and there might be
> chances of string overflow so instead of strcat, strlcat is used.
>
> Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
> Fixes: 540a211084 ("bnx2x: driver core")
> Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
> Cc: stable@dpdk.org
>
> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
> ---
> v5: Removed strcat.
You also dropped "drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c" change which was
in v4, intentional?
> v4: Corrected usage of strlcat.
> v3: Instead of strncat, used strlcat.
> v2: Instead of strncat, used snprintf.
> ---
> app/test/test_cryptodev.c | 3 ++-
test_cryptodev.c is not driver, also for organizational issues, can you send it
as separate patch?
When it is removed, you can use "drivers/net: ..." in patch title.
> drivers/net/bnx2x/bnx2x.c | 5 +++--
> drivers/net/i40e/i40e_ethdev.c | 4 ++--
> 3 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index 32f1893bc..8d5c138a5 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -11,6 +11,7 @@
> #include <rte_memcpy.h>
> #include <rte_pause.h>
> #include <rte_bus_vdev.h>
> +#include <rte_string_fns.h>
>
> #include <rte_crypto.h>
> #include <rte_cryptodev.h>
> @@ -375,7 +376,7 @@ testsuite_setup(void)
> snprintf(vdev_args, sizeof(vdev_args),
> "%s%d", temp_str, i);
> strcpy(temp_str, vdev_args);
> - strcat(temp_str, ";");
> + strlcat(temp_str, ";", sizeof(temp_str));
> slave_core_count++;
> socket_id = lcore_config[i].socket_id;
> }
> diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
> index 26b3828e8..ab092e23f 100644
> --- a/drivers/net/bnx2x/bnx2x.c
> +++ b/drivers/net/bnx2x/bnx2x.c
> @@ -25,6 +25,7 @@
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <zlib.h>
> +#include <rte_string_fns.h>
>
> #define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
> #define BNX2X_PMD_VERSION_MAJOR 1
> @@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t flags)
>
> for (i = 0; i < 5; i++)
> if (flags & (1 << i)) {
> - strcat(flag_str, flag[i]);
> + strlcat(flag_str, flag[i], sizeof(flag_str));
> flags ^= (1 << i);
> }
> if (flags) {
> static char unknown[BNX2X_INFO_STR_MAX];
> snprintf(unknown, 32, "Unknown flag mask %x", flags);
> - strcat(flag_str, unknown);
> + strlcat(flag_str, unknown, sizeof(flag_str));
> }
> return flag_str;
> }
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index dca61f03a..9bc9a4390 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
> for (n = 0; n < proto_num; n++) {
> if (proto[n].proto_id != proto_id)
> continue;
> - strcat(name, proto[n].name);
> - strcat(name, "_");
> + strlcat(name, proto[n].name, sizeof(name));
> + strlcat(name, "_", sizeof(name));
> break;
> }
> }
>
@@ -11,6 +11,7 @@
#include <rte_memcpy.h>
#include <rte_pause.h>
#include <rte_bus_vdev.h>
+#include <rte_string_fns.h>
#include <rte_crypto.h>
#include <rte_cryptodev.h>
@@ -375,7 +376,7 @@ testsuite_setup(void)
snprintf(vdev_args, sizeof(vdev_args),
"%s%d", temp_str, i);
strcpy(temp_str, vdev_args);
- strcat(temp_str, ";");
+ strlcat(temp_str, ";", sizeof(temp_str));
slave_core_count++;
socket_id = lcore_config[i].socket_id;
}
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <zlib.h>
+#include <rte_string_fns.h>
#define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
#define BNX2X_PMD_VERSION_MAJOR 1
@@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t flags)
for (i = 0; i < 5; i++)
if (flags & (1 << i)) {
- strcat(flag_str, flag[i]);
+ strlcat(flag_str, flag[i], sizeof(flag_str));
flags ^= (1 << i);
}
if (flags) {
static char unknown[BNX2X_INFO_STR_MAX];
snprintf(unknown, 32, "Unknown flag mask %x", flags);
- strcat(flag_str, unknown);
+ strlcat(flag_str, unknown, sizeof(flag_str));
}
return flag_str;
}
@@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
for (n = 0; n < proto_num; n++) {
if (proto[n].proto_id != proto_id)
continue;
- strcat(name, proto[n].name);
- strcat(name, "_");
+ strlcat(name, proto[n].name, sizeof(name));
+ strlcat(name, "_", sizeof(name));
break;
}
}