<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style> </head> <body dir="ltr"> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <br> </div> <div id="appendonsend"></div> <pre class="elementToProof"><div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><code>Applied to dpdk-next-net-mrvl/for-main. Thanks </code></div></pre> <div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <br> </div> <hr style="display: inline-block; width: 98%;"> <div id="divRplyFwdMsg"> <div style="direction: ltr; font-family: Calibri, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);"> <b>From:</b> Sergei Iashin <yashin.sergey@gmail.com><br> <b>Sent:</b> Tuesday, April 7, 2026 1:27 PM<br> <b>To:</b> Harman Kalra <hkalra@marvell.com>; Jerin Jacob <jerinj@marvell.com>; Santosh Shukla <santosh.shukla@caviumnetworks.com><br> <b>Cc:</b> dev@dpdk.org <dev@dpdk.org>; stable@dpdk.org <stable@dpdk.org>; jerin.jacob@caviumnetworks.com <jerin.jacob@caviumnetworks.com>; Sergei Iashin <yashin.sergey@gmail.com><br> <b>Subject:</b> [EXTERNAL] [PATCH] net/octeontx: fix buffer overflow in device name formatting</div> <div style="direction: ltr;"> </div> </div> <div style="line-height: 1px; max-height: 0px; display: none; font-size: 1px; color: rgb(255, 255, 255);"> Replace sprintf with snprintf when formatting into the fixed-size octtx_name buffer in octeontx_create and octeontx_remove. The device name can be up to 63 bytes (RTE_DEV_NAME_MAX_LEN) while the buffer is only 32 bytes (OCTEONTX_MAX_NAME_LEN),</div> <div style="line-height: 1px; max-height: 0px; display: none; font-size: 1px; color: rgb(255, 255, 255);"> ZjQcmQRYFpfptBannerStart</div> <div id="x_pfptBanners6g61cl" style="background-color: rgb(210, 208, 208); margin: 0px 0px 10px; padding: 7px 16px 8px; border-top: 4px solid rgb(141, 140, 140); border-radius: 4px; max-width: none; max-height: none; min-width: 200px; display: block;"> <div id="x_pfptBanners6g61cl" style="background-color: rgb(210, 208, 208); margin: 1px 0px; max-width: 600px; max-height: none; display: block;"> <div id="x_pfptBanners6g61cl" style="background-color: rgb(210, 208, 208); max-width: none; max-height: none; display: block;"> <div style="direction: ltr; text-align: left; line-height: 1.29; font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0);"> <b>Prioritize security for external emails:</b></div> </div> <div id="x_pfptBanners6g61cl" style="background-color: rgb(210, 208, 208); margin-top: 2px; max-width: none; max-height: none; display: block;"> <div style="direction: ltr; text-align: left; line-height: 1.5; font-family: Arial, sans-serif; font-size: 12px; color: rgb(0, 0, 0);"> Confirm sender and content safety before clicking links or opening attachments</div> </div> </div> <div id="x_pfptBanners6g61cl" style="background-color: rgb(210, 208, 208); margin-top: 1px; margin-left: 16px; max-width: none; max-height: none; display: block;"> <div id="x_pfptBanners6g61cl" style="background-color: rgb(210, 208, 208); max-width: none; max-height: none; display: inline-block;"> <div style="margin-top: 3px; margin-bottom: 3px; margin-left: 16px; padding: 7.5px 16px; border-width: 1px; border-style: solid; border-color: rgb(102, 102, 102); border-radius: 2px; display: inline-block;"> <div id="x_pfptBanners6g61cl" style="background-color: rgb(210, 208, 208); max-width: none; max-height: none; display: inline-block;"> <div id="OWAa705abc5-9e78-8802-f5d2-c52fac0b9466" style="background-color: rgb(210, 208, 208); max-width: none; max-height: none; display: inline-block;"> <div style="direction: ltr; text-align: right; white-space: nowrap; font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0);"> <a href="https://us-phishalarm-ewt.proofpoint.com/EWT/v1/CRVmXkqW!tm3Z1f8UYnVa9O-8WX26DsK-0LaBO_9qwE4pEx2cpcKfFql8RWpbr-t0B-4n0FjU7XSDAvlitsV3KK8Ua-2nw37gJz6mivFAuDI$" id="OWAa705abc5-9e78-8802-f5d2-c52fac0b9466" class="OWAAutoLink" data-auth="NotApplicable" style="text-decoration: none; display: inline-block; background-color: rgb(210, 208, 208); max-width: none; max-height: none;">Report Suspicious</a></div> </div> </div> </div> </div> </div> <div style="direction: ltr; text-align: left; line-height: 0; display: block; font-size: 0.01px;"> </div> </div> <div style="line-height: 1px; max-height: 0px; display: none; font-size: 1px; color: rgb(255, 255, 255);"> ZjQcmQRYFpfptBannerEnd</div> <pre><div style="white-space: pre-wrap; font-family: sans-serif;">Replace sprintf with snprintf when formatting into the fixed-size octtx_name buffer in octeontx_create and octeontx_remove. The device name can be up to 63 bytes (RTE_DEV_NAME_MAX_LEN) while the buffer is only 32 bytes (OCTEONTX_MAX_NAME_LEN), which may cause a stack buffer overflow with a long user-provided --vdev name. Fixes: f18b146c498d ("net/octeontx: create ethdev ports") Cc: stable@dpdk.org Signed-off-by: Sergei Iashin <yashin.sergey@gmail.com> --- drivers/net/octeontx/octeontx_ethdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/octeontx/octeontx_ethdev.c b/drivers/net/octeontx/octeontx_ethdev.c index 21e3e56901..e4dca30d9d 100644 --- a/drivers/net/octeontx/octeontx_ethdev.c +++ b/drivers/net/octeontx/octeontx_ethdev.c @@ -1555,7 +1555,7 @@ octeontx_create(struct rte_vdev_device *dev, int port, uint8_t evdev, PMD_INIT_FUNC_TRACE(); - sprintf(octtx_name, "%s_%d", name, port); + snprintf(octtx_name, sizeof(octtx_name), "%s_%d", name, port); if (rte_eal_process_type() != RTE_PROC_PRIMARY) { eth_dev = rte_eth_dev_attach_secondary(octtx_name); if (eth_dev == NULL) @@ -1711,7 +1711,7 @@ octeontx_remove(struct rte_vdev_device *dev) return -EINVAL; for (i = 0; i < OCTEONTX_VDEV_DEFAULT_MAX_NR_PORT; i++) { - sprintf(octtx_name, "eth_octeontx_%d", i); + snprintf(octtx_name, sizeof(octtx_name), "eth_octeontx_%d", i); eth_dev = rte_eth_dev_allocated(octtx_name); if (eth_dev == NULL) -- 2.39.5 </div></pre> </body> </html>