[PATCH v5 2/4] lib: fix comparison between devices
Stephen Hemminger stephen at networkplumber.org
Tue Feb 11 19:04:56 CET 2025

On Tue, 11 Feb 2025 17:54:26 +0000
Bruce Richardson <bruce.richardson at intel.com> wrote:
> On Tue, Feb 11, 2025 at 09:48:32AM -0800, Stephen Hemminger wrote:
> > On Thu, 6 Feb 2025 02:08:36 +0200
> > Shani Peretz <shperetz at nvidia.com> wrote:
> >   
> > >  static int
> > > -cdx_parse(const char *name, void *addr)
> > > +cdx_parse(const char *name, void *addr, int *size)
> > >  {
> > > -	const char **out = addr;
> > >  	int ret;
> > >  
> > >  	ret = strncmp(name, CDX_DEV_PREFIX, strlen(CDX_DEV_PREFIX));
> > >  
> > > -	if (ret == 0 && addr)
> > > -		*out = name;
> > > +	if (ret != 0)
> > > +		return ret;
> > > +
> > > +	if (size != NULL)
> > > +		*size = strlen(name) + 1;
> > > +
> > > +	if (addr != NULL)
> > > +		rte_strscpy(addr, name, strlen(name) + 1);  
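Review bot: in the addr != NULL branch the bound handed to rte_strscpy() is strlen(name) + 1, which is derived from the source string, so the call can never truncate and nothing in cdx_parse() knows how large the buffer behind addr is; the return value of rte_strscpy() is also discarded. The new size argument is only written, never read, so consider making it an in/out parameter (capacity of addr on entry, required length on return), using the entry value as the copy bound, and returning an error when name does not fit. Separately, *size = strlen(name) + 1 stores a size_t into an int and strlen(name) is evaluated twice; computing the length once into a size_t local would cover both.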
> > 
> > Why use rte_strscpy() here?
> > 
> > The intention of strscpy() is to handle case where the resulting
> > buffer is limited in size. By using the input string length you aren't really
> > doing anything different than strcpy(). Still unsafe if output (addr) is not big enough.  
> 
> And using strlcpy is probably fine too, without having to use dpdk-specific
> string functions.
> 
> /Bruce

The issue is that any length argument needs to come from caller based on the
size of the target buffer. Not from length of source string.
If you want to make parse code string safe, then either size needs to be always
present and in/out parameter or need to have a src_size and resulting size as separate params.
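
The in/out size variant described in the message above, as an added example that is not part of the original thread or of DPDK. The names example_parse, example_copy and EXAMPLE_DEV_PREFIX (with its value) are hypothetical, and plain libc calls stand in for the DPDK string helpers.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed prefix value; the real CDX_DEV_PREFIX is not shown on the page. */
#define EXAMPLE_DEV_PREFIX "cdx:"

/*
 * Hypothetical parse callback with an in/out size.
 *   in:  *size = capacity of addr in bytes (ignored when addr is NULL)
 *   out: *size = bytes needed to hold name, including the terminating NUL
 * Returns 0 on success, 1 if name does not carry the prefix, -EINVAL if
 * addr is given without a size, -E2BIG if addr is too small (nothing is
 * written to addr in that case).
 */
static int
example_parse(const char *name, char *addr, size_t *size)
{
	size_t need, cap;

	if (name == NULL || (addr != NULL && size == NULL))
		return -EINVAL;
	if (strncmp(name, EXAMPLE_DEV_PREFIX, strlen(EXAMPLE_DEV_PREFIX)) != 0)
		return 1;

	need = strlen(name) + 1;
	cap = (size != NULL) ? *size : 0;
	if (size != NULL)
		*size = need;          /* report the required size either way */
	if (addr == NULL)
		return 0;              /* size query only, no copy */
	if (cap < need)
		return -E2BIG;         /* bound comes from the caller's buffer */
	memcpy(addr, name, need);
	return 0;
}

/* Caller side: the capacity passed in is that of the target buffer. */
static int
example_copy(const char *name, char *buf, size_t buflen, size_t *needed)
{
	*needed = buflen;
	return example_parse(name, buf, needed);
}
```

On -E2BIG the caller can read the required size back from the same variable and retry with a larger buffer.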
    
    