[v8] drivers/net: fix possible overflow using strlcat
Checks
Commit Message
strcat does not check the destination length and there might be
chances of string overflow so instead of strcat, strlcat is used.
Fixes: 540a211084 ("bnx2x: driver core")
Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
---
v8: Added missing semi-colon.
v7: Corrected title.
v6: Updated title.
v5: Removed strcat.
v4: Corrected usage of strlcat.
v3: Instead of strncat, used strlcat.
v2: Instead of strncat, used snprintf.
---
drivers/net/bnx2x/bnx2x.c | 5 +++--
drivers/net/i40e/i40e_ethdev.c | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
Comments
> -----Original Message-----
> From: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
> Sent: Friday, March 22, 2019 1:22 PM
> To: dev@dpdk.org
> Cc: reshma.pattan@intel.com; jananeex.m.parthasarathy@intel.com; Rasesh
> Mody <rmody@marvell.com>; Shahed Shaikh <shshaikh@marvell.com>;
> beilei.xing@intel.com; qi.z.zhang@intel.com; Chaitanya Babu Talluri
> <tallurix.chaitanya.babu@intel.com>; stable@dpdk.org
> Subject: [EXT] [PATCH v8] drivers/net: fix possible overflow using strlcat
>
> strcat does not check the destination length and there might be chances of
> string overflow so instead of strcat, strlcat is used.
>
> Fixes: 540a211084 ("bnx2x: driver core")
> Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
> Cc: stable@dpdk.org
>
> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
> ---
> v8: Added missing semi-colon.
> v7: Corrected title.
> v6: Updated title.
> v5: Removed strcat.
> v4: Corrected usage of strlcat.
> v3: Instead of strncat, used strlcat.
> v2: Instead of strncat, used snprintf.
> ---
> drivers/net/bnx2x/bnx2x.c | 5 +++--
> drivers/net/i40e/i40e_ethdev.c | 4 ++--
> 2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c index
> 26b3828e8..ab092e23f 100644
> --- a/drivers/net/bnx2x/bnx2x.c
> +++ b/drivers/net/bnx2x/bnx2x.c
> @@ -25,6 +25,7 @@
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <zlib.h>
> +#include <rte_string_fns.h>
>
> #define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
> #define BNX2X_PMD_VERSION_MAJOR 1
> @@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t
> flags)
>
> for (i = 0; i < 5; i++)
> if (flags & (1 << i)) {
> - strcat(flag_str, flag[i]);
> + strlcat(flag_str, flag[i], sizeof(flag_str));
> flags ^= (1 << i);
> }
> if (flags) {
> static char unknown[BNX2X_INFO_STR_MAX];
> snprintf(unknown, 32, "Unknown flag mask %x", flags);
> - strcat(flag_str, unknown);
> + strlcat(flag_str, unknown, sizeof(flag_str));
> }
> return flag_str;
> }
For bnx2x PMD changes -
Acked-by: Shahed Shaikh <shshaikh@marvell.com>
Thanks,
Shahed
On 3/22/2019 8:02 AM, Shahed Shaikh wrote:
>> -----Original Message-----
>> From: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
>> Sent: Friday, March 22, 2019 1:22 PM
>> To: dev@dpdk.org
>> Cc: reshma.pattan@intel.com; jananeex.m.parthasarathy@intel.com; Rasesh
>> Mody <rmody@marvell.com>; Shahed Shaikh <shshaikh@marvell.com>;
>> beilei.xing@intel.com; qi.z.zhang@intel.com; Chaitanya Babu Talluri
>> <tallurix.chaitanya.babu@intel.com>; stable@dpdk.org
>> Subject: [EXT] [PATCH v8] drivers/net: fix possible overflow using strlcat
>>
>> strcat does not check the destination length and there might be chances of
>> string overflow so instead of strcat, strlcat is used.
>>
>> Fixes: 540a211084 ("bnx2x: driver core")
>> Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
>
> For bnx2x PMD changes -
> Acked-by: Shahed Shaikh <shshaikh@marvell.com>
>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Applied to dpdk-next-net/master, thanks.
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <zlib.h>
+#include <rte_string_fns.h>
#define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
#define BNX2X_PMD_VERSION_MAJOR 1
@@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t flags)
for (i = 0; i < 5; i++)
if (flags & (1 << i)) {
- strcat(flag_str, flag[i]);
+ strlcat(flag_str, flag[i], sizeof(flag_str));
flags ^= (1 << i);
}
if (flags) {
static char unknown[BNX2X_INFO_STR_MAX];
snprintf(unknown, 32, "Unknown flag mask %x", flags);
- strcat(flag_str, unknown);
+ strlcat(flag_str, unknown, sizeof(flag_str));
}
return flag_str;
}
@@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
for (n = 0; n < proto_num; n++) {
if (proto[n].proto_id != proto_id)
continue;
- strcat(name, proto[n].name);
- strcat(name, "_");
+ strlcat(name, proto[n].name, sizeof(name));
+ strlcat(name, "_", sizeof(name));
break;
}
}