[dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API

Liu, Changpeng changpeng.liu at intel.com
Tue May 22 19:58:57 CEST 2018

Previous message: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Next message: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas at monjalon.net]
> Sent: Tuesday, May 22, 2018 10:48 AM
> To: Liu, Changpeng <changpeng.liu at intel.com>
> Cc: dev at dpdk.org
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer
> overrun with safe copy API
> 
> 18/05/2018 01:32, Changpeng Liu:
> > Signed-off-by: Changpeng Liu <changpeng.liu at intel.com>
> 
> Missing explanations.
> 
> > -			strlcpy((char *)vpage->params, bdev->name,
> > -					sizeof(vpage->params));
> > +			vhost_strcpy_pad((char *)vpage->params, bdev->name,
> > +					sizeof(vpage->params), ' ');
> 
> Why do you think vhost_strcpy_pad is safer than strlcpy?
A code Coverity issue 279452 reported for strlcpy, so here replace with internal API can avoid it.
> 
> > -	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> > -	strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
> > +	snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name);
> > +	snprintf(bdev->product_name, sizeof(bdev->product_name),
> > +		"%s", bdev_serial);
> 
> You should use strlcpy.
>

Previous message: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Next message: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list