[PATCH v8 3/8] pcapng: add length checks to string arguments

Thomas Monjalon thomas at monjalon.net
Tue Feb 17 15:34:02 CET 2026

Previous message (by thread): [PATCH v8 3/8] pcapng: add length checks to string arguments
Next message (by thread): [PATCH v8 4/8] pcapng: use malloc instead of fixed buffer size
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

16/02/2026 22:38, Stephen Hemminger:
> The pcapng file format uses a 16-bit length field in the option
> TLV (Type-Length-Value) encoding, limiting strings to UINT16_MAX
> bytes.
> 
> Add validation for string arguments to prevent silent truncation
> or buffer issues when callers pass excessively long strings.

GCC warns on a remaining issue:

In function 'pcapng_add_option',
    inlined from 'rte_pcapng_write_stats' at ../../dpdk/lib/pcapng/rte_pcapng.c:376:9:
../../dpdk/lib/pcapng/rte_pcapng.c:136:17: error: 'memcpy' forming offset [2048, 65552] is out of the bounds [0, 2048] of object 'buf' with type 'uint32_t[512]' {aka 'unsigned int[512]'} [-Werror=array-bounds=]
  136 |                 memcpy(popt->data, data, len);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../dpdk/lib/pcapng/rte_pcapng.c: In function 'rte_pcapng_write_stats':
../../dpdk/lib/pcapng/rte_pcapng.c:346:18: note: 'buf' declared here
  346 |         uint32_t buf[PCAPNG_BLKSIZ];
      |                  ^~~

I have to do this change:

        if (comment)
                opt = pcapng_add_option(opt, PCAPNG_OPT_COMMENT,
-                                       comment, strlen(comment));
+                                       comment, strnlen(comment, PCAPNG_STR_MAX));

I'm not sure to understand why it fixes the problem on the buffer of size 2048,
but it works.

Previous message (by thread): [PATCH v8 3/8] pcapng: add length checks to string arguments
Next message (by thread): [PATCH v8 4/8] pcapng: use malloc instead of fixed buffer size
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list