[PATCH v5 06/17] telemetry: avoid possible string overflow

Stephen Hemminger stephen at networkplumber.org
Sun Dec 7 20:11:57 CET 2025

Previous message (by thread): [PATCH v5 05/17] latencystats: add check for string overflow
Next message (by thread): [PATCH v5 07/17] efd: handle possible name truncation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When registering client the input parameter could have a too
large unix domain path. Improve the string handling by avoiding
temporary buffer, and check the length.

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
 lib/telemetry/telemetry_legacy.c | 37 +++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/lib/telemetry/telemetry_legacy.c b/lib/telemetry/telemetry_legacy.c
index 89ec750c09..24f663eee7 100644
--- a/lib/telemetry/telemetry_legacy.c
+++ b/lib/telemetry/telemetry_legacy.c
@@ -82,34 +82,41 @@ static int
 register_client(const char *cmd __rte_unused, const char *params,
 		char *buffer __rte_unused, int buf_len __rte_unused)
 {
+	const char *colon = strchr(params, ':');
+
+	if (colon == NULL) {
+		fprintf(stderr, "Invalid client data: missing colon\n");
+		return -1;
+	}
+
 #ifndef RTE_EXEC_ENV_WINDOWS
 	pthread_t th;
-	char data[BUF_SIZE];
-	int fd;
-	int rc;
-	struct sockaddr_un addrs;
-#endif /* !RTE_EXEC_ENV_WINDOWS */
+	int fd, rc;
+	struct sockaddr_un addrs = { .sun_family = AF_UNIX };
 
-	if (!strchr(params, ':')) {
-		fprintf(stderr, "Invalid data\n");
+	if (colon[1] != '"') {
+		fprintf(stderr, "Invalid client data: missing quote\n");
 		return -1;
 	}
-#ifndef RTE_EXEC_ENV_WINDOWS
-	strlcpy(data, strchr(params, ':'), sizeof(data));
-	memmove(data, &data[strlen(":\"")], strlen(data));
-	if (!strchr(data, '\"')) {
-		fprintf(stderr, "Invalid client data\n");
+
+	const char *endquote = strchr(colon + 1, '"');
+	if (endquote == NULL) {
+		fprintf(stderr, "Invalid client data: missing end quote\n");
+		return -1;
+	}
+
+	size_t len = endquote - colon + 1;
+	if (len == 0 || len >= sizeof(addrs.sun_path)) {
+		fprintf(stderr, "Invalid client data: path length\n");
 		return -1;
 	}
-	*strchr(data, '\"') = 0;
+	strncpy(addrs.sun_path, colon + 1, len);
 
 	fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
 	if (fd < 0) {
 		perror("Failed to open socket");
 		return -1;
 	}
-	addrs.sun_family = AF_UNIX;
-	strlcpy(addrs.sun_path, data, sizeof(addrs.sun_path));
 
 	if (connect(fd, (struct sockaddr *)&addrs, sizeof(addrs)) == -1) {
 		perror("\nClient connection error\n");
-- 
2.51.0

Previous message (by thread): [PATCH v5 05/17] latencystats: add check for string overflow
Next message (by thread): [PATCH v5 07/17] efd: handle possible name truncation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list