[dpdk-dev,2/3] pdump: fix string overflow

Message ID 1466522285-15023-3-git-send-email-reshma.pattan@intel.com (mailing list archive)
State Superseded, archived

Commit Message

Pattan, Reshma June 21, 2016, 3:18 p.m. UTC
Using the source length in strncpy can cause a destination
overflow if the destination is not big enough to
hold the source string. Changes are made to use the destination
size instead of the source length in strncpy.

Coverity issue 127350: string overflow

Fixes: 278f945402c5 ("pdump: add new library for packet capture")

Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
---
 lib/librte_pdump/rte_pdump.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
  

Comments

Ferruh Yigit June 21, 2016, 5:14 p.m. UTC | #1
On 6/21/2016 4:18 PM, Reshma Pattan wrote:
> using source length in strncpy can cause destination
> overflow if destination length is not big enough to
> handle the source string. Changes are made to use destination
> size instead of source length in strncpy.
> 
> Cverity issue 127350: string overflow
> 
> Fixes: 278f945402c5 ("pdump: add new library for packet capture")
> 
> Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
> ---
>  lib/librte_pdump/rte_pdump.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/librte_pdump/rte_pdump.c b/lib/librte_pdump/rte_pdump.c
> index dbc6816..05513d6 100644
> --- a/lib/librte_pdump/rte_pdump.c
> +++ b/lib/librte_pdump/rte_pdump.c
> @@ -460,8 +460,7 @@ pdump_get_socket_path(char *buffer, int bufsz, enum rte_pdump_socktype type)
>  					SOCKET_PATH_HOME, __func__, __LINE__);
>  				return -1;
>  			}
> -		}
> -		else
> +		} else
syntax fix may not belong to this patch

>  			dir = SOCKET_PATH_VAR_RUN;
>  	}
>  
> @@ -800,13 +799,15 @@ pdump_prepare_client_request(char *device, uint16_t queue,
>  	req.flags = flags;
>  	req.op =  operation;
>  	if ((operation & ENABLE) != 0) {
> -		strncpy(req.data.en_v1.device, device, strlen(device));
> +		strncpy(req.data.en_v1.device, device,
> +			sizeof(req.data.en_v1.device)-1);
"-" missing spaces around
  

Patch

diff --git a/lib/librte_pdump/rte_pdump.c b/lib/librte_pdump/rte_pdump.c
index dbc6816..05513d6 100644
--- a/lib/librte_pdump/rte_pdump.c
+++ b/lib/librte_pdump/rte_pdump.c
@@ -460,8 +460,7 @@  pdump_get_socket_path(char *buffer, int bufsz, enum rte_pdump_socktype type)
 					SOCKET_PATH_HOME, __func__, __LINE__);
 				return -1;
 			}
-		}
-		else
+		} else
 			dir = SOCKET_PATH_VAR_RUN;
 	}
 
@@ -800,13 +799,15 @@  pdump_prepare_client_request(char *device, uint16_t queue,
 	req.flags = flags;
 	req.op =  operation;
 	if ((operation & ENABLE) != 0) {
-		strncpy(req.data.en_v1.device, device, strlen(device));
+		strncpy(req.data.en_v1.device, device,
+			sizeof(req.data.en_v1.device)-1);
 		req.data.en_v1.queue = queue;
 		req.data.en_v1.ring = ring;
 		req.data.en_v1.mp = mp;
 		req.data.en_v1.filter = filter;
 	} else {
-		strncpy(req.data.dis_v1.device, device, strlen(device));
+		strncpy(req.data.dis_v1.device, device,
+			sizeof(req.data.dis_v1.device)-1);
 		req.data.dis_v1.queue = queue;
 		req.data.dis_v1.ring = NULL;
 		req.data.dis_v1.mp = NULL;
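Review bot: The bounded strncpy() calls in both branches only produce a NUL-terminated string if `req` was zeroed before this point, because copying `sizeof(...) - 1` bytes never writes the final byte of the field; the initialisation of `req` is outside the hunk, so it should be confirmed or made explicit. A `device` name longer than the field is also truncated silently, so the request would carry a different name than the one the caller passed. I would use `snprintf(req.data.en_v1.device, sizeof(req.data.en_v1.device), "%s", device);` (and the same for `dis_v1`), and reject the request when the return value is negative or not smaller than the field size. pdump_prepare_client_request starts and ends outside the hunk, so the appropriate error return is not visible here.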