| Message ID | 1466522285-15023-4-git-send-email-reshma.pattan@intel.com (mailing list archive) |
|---|---|
| State | Superseded, archived |
| Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id AD3BEC40A; Tue, 21 Jun 2016 17:19:20 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id 31244C40A for <dev@dpdk.org>; Tue, 21 Jun 2016 17:19:19 +0200 (CEST) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga101.jf.intel.com with ESMTP; 21 Jun 2016 08:18:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,504,1459839600"; d="scan'208";a="722880396" Received: from irvmail001.ir.intel.com ([163.33.26.43]) by FMSMGA003.fm.intel.com with ESMTP; 21 Jun 2016 08:18:09 -0700 Received: from sivswdev02.ir.intel.com (sivswdev02.ir.intel.com [10.237.217.46]) by irvmail001.ir.intel.com (8.14.3/8.13.6/MailSET/Hub) with ESMTP id u5LFI7VH024669; Tue, 21 Jun 2016 16:18:08 +0100 Received: from sivswdev02.ir.intel.com (localhost [127.0.0.1]) by sivswdev02.ir.intel.com with ESMTP id u5LFI7Fg015085; Tue, 21 Jun 2016 16:18:07 +0100 Received: (from reshmapa@localhost) by sivswdev02.ir.intel.com with id u5LFI7PT015080; Tue, 21 Jun 2016 16:18:07 +0100 From: Reshma Pattan <reshma.pattan@intel.com> To: dev@dpdk.org Cc: Reshma Pattan <reshma.pattan@intel.com> Date: Tue, 21 Jun 2016 16:18:05 +0100 Message-Id: <1466522285-15023-4-git-send-email-reshma.pattan@intel.com> X-Mailer: git-send-email 1.7.4.1 In-Reply-To: <1466522285-15023-1-git-send-email-reshma.pattan@intel.com> References: <1466522285-15023-1-git-send-email-reshma.pattan@intel.com> Subject: [dpdk-dev] [PATCH 3/3] app/pdump: fix string overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Pattan, Reshma
June 21, 2016, 3:18 p.m. UTC
using source length in strncpy can cause destination
overflow if destination length is not big enough to
handle the source string. Changes are made to use destination
size instead of source length in strncpy.
Coverity issue 127351: string overflow
Fixes: caa7028276b8 ("app/pdump: add tool for packet capturing")
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
---
app/pdump/main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On 6/21/2016 4:18 PM, Reshma Pattan wrote: > using source length in strncpy can cause destination > overflow if destination length is not big enough to > handle the source string. Changes are made to use destination > size instead of source length in strncpy. > > Coverity issue 127351: string overflow > > Fixes: caa7028276b8 ("app/pdump: add tool for packet capturing") > > Signed-off-by: Reshma Pattan <reshma.pattan@intel.com> > --- > app/pdump/main.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/app/pdump/main.c b/app/pdump/main.c > index f8923b9..af92ef3 100644 > --- a/app/pdump/main.c > +++ b/app/pdump/main.c > @@ -217,12 +217,12 @@ parse_rxtxdev(const char *key, const char *value, void *extra_args) > struct pdump_tuples *pt = extra_args; > > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > - strncpy(pt->rx_dev, value, strlen(value)); > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); I guess size-1 is to give room for terminating null byte, but for this case is it guarantied that pt->rx_dev last byte is NULL?
> if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > - strncpy(pt->rx_dev, value, strlen(value)); > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); I guess size-1 is to give room for terminating null byte, but for this case is it guarantied that pt->rx_dev last byte is NULL? why not just use a snprintf(...) here since it has better error behavior ? although compared to str*cpy it might be a bit slow, but hopefully that should be ok ? -- thanks anupam On Tue, Jun 21, 2016 at 10:51 PM, Ferruh Yigit <ferruh.yigit@intel.com> wrote: > On 6/21/2016 4:18 PM, Reshma Pattan wrote: > > using source length in strncpy can cause destination > > overflow if destination length is not big enough to > > handle the source string. Changes are made to use destination > > size instead of source length in strncpy. > > > > Coverity issue 127351: string overflow > > > > Fixes: caa7028276b8 ("app/pdump: add tool for packet capturing") > > > > Signed-off-by: Reshma Pattan <reshma.pattan@intel.com> > > --- > > app/pdump/main.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/app/pdump/main.c b/app/pdump/main.c > > index f8923b9..af92ef3 100644 > > --- a/app/pdump/main.c > > +++ b/app/pdump/main.c > > @@ -217,12 +217,12 @@ parse_rxtxdev(const char *key, const char *value, > void *extra_args) > > struct pdump_tuples *pt = extra_args; > > > > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > > - strncpy(pt->rx_dev, value, strlen(value)); > > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); > > I guess size-1 is to give room for terminating null byte, but for this > case is it guarantied that pt->rx_dev last byte is NULL? > >
On Wed, Jun 22, 2016 at 12:16:27PM +0530, Anupam Kapoor wrote: > > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > > - strncpy(pt->rx_dev, value, strlen(value)); > > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); > > I guess size-1 is to give room for terminating null byte, but for this > case is it guarantied that pt->rx_dev last byte is NULL? > > why not just use a snprintf(...) here since it has better error behavior ? > although compared to str*cpy it might be a bit slow, but hopefully that > should be ok ? > Definite +1. For safely copying strings I think snprintf is often the easiest API to use. /Bruce > -- > thanks > anupam > > > On Tue, Jun 21, 2016 at 10:51 PM, Ferruh Yigit <ferruh.yigit@intel.com> > wrote: > > > On 6/21/2016 4:18 PM, Reshma Pattan wrote: > > > using source length in strncpy can cause destination > > > overflow if destination length is not big enough to > > > handle the source string. Changes are made to use destination > > > size instead of source length in strncpy. > > > > > > Coverity issue 127351: string overflow > > > > > > Fixes: caa7028276b8 ("app/pdump: add tool for packet capturing") > > > > > > Signed-off-by: Reshma Pattan <reshma.pattan@intel.com> > > > --- > > > app/pdump/main.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/app/pdump/main.c b/app/pdump/main.c > > > index f8923b9..af92ef3 100644 > > > --- a/app/pdump/main.c > > > +++ b/app/pdump/main.c > > > @@ -217,12 +217,12 @@ parse_rxtxdev(const char *key, const char *value, > > void *extra_args) > > > struct pdump_tuples *pt = extra_args; > > > > > > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > > > - strncpy(pt->rx_dev, value, strlen(value)); > > > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); > > > > I guess size-1 is to give room for terminating null byte, but for this > > case is it guarantied that pt->rx_dev last byte is NULL? > > > > > > > -- > In the beginning was the lambda, and the lambda was with Emacs, and Emacs > was the lambda.
Hi, > -----Original Message----- > From: Richardson, Bruce > Sent: Wednesday, June 22, 2016 10:22 AM > To: Anupam Kapoor <anupam.kapoor@gmail.com> > Cc: Yigit, Ferruh <ferruh.yigit@intel.com>; Pattan, Reshma > <reshma.pattan@intel.com>; dev@dpdk.org > Subject: Re: [dpdk-dev] [PATCH 3/3] app/pdump: fix string overflow > > On Wed, Jun 22, 2016 at 12:16:27PM +0530, Anupam Kapoor wrote: > > > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > > > - strncpy(pt->rx_dev, value, strlen(value)); > > > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); > > > > I guess size-1 is to give room for terminating null byte, but for this > > case is it guarantied that pt->rx_dev last byte is NULL? > > > > why not just use a snprintf(...) here since it has better error behavior ? > > although compared to str*cpy it might be a bit slow, but hopefully > > that should be ok ? > > > > Definite +1. For safely copying strings I think snprintf is often the easiest API to > use. > Ok, will make the changes. Thanks, Reshma
diff --git a/app/pdump/main.c b/app/pdump/main.c index f8923b9..af92ef3 100644 --- a/app/pdump/main.c +++ b/app/pdump/main.c @@ -217,12 +217,12 @@ parse_rxtxdev(const char *key, const char *value, void *extra_args) struct pdump_tuples *pt = extra_args; if (!strcmp(key, PDUMP_RX_DEV_ARG)) { - strncpy(pt->rx_dev, value, strlen(value)); + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); /* identify the tx stream type for pcap vdev */ if (if_nametoindex(pt->rx_dev)) pt->rx_vdev_stream_type = IFACE; } else if (!strcmp(key, PDUMP_TX_DEV_ARG)) { - strncpy(pt->tx_dev, value, strlen(value)); + strncpy(pt->tx_dev, value, sizeof(pt->tx_dev)-1); /* identify the tx stream type for pcap vdev */ if (if_nametoindex(pt->tx_dev)) pt->tx_vdev_stream_type = IFACE;