[dpdk-dev] [PATCH] net/nfp: fix sprintf with snprintf

Ferruh Yigit ferruh.yigit at intel.com
Fri Mar 1 16:25:48 CET 2019


On 2/4/2019 7:22 AM, Pallantla Poornima wrote:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.

Can you please update title to reflect what actually fixed, something like:
net/nfp: fix possible buffer overflow

> 
> Fixes: 896c265ef9 ("net/nfp: use new CPP interface")
> Fixes: c4171b520b ("net/nfp: support PF multiport")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Pallantla Poornima <pallantlax.poornima at intel.com>
> ---
>  drivers/net/nfp/nfp_net.c | 20 ++++++++++++--------
>  1 file changed, 12 insertions(+), 8 deletions(-)
> 
> diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c
> index a791e95e2..dd8cae135 100644
> --- a/drivers/net/nfp/nfp_net.c
> +++ b/drivers/net/nfp/nfp_net.c
> @@ -3318,9 +3318,9 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port, int ports,
>  		return -ENOMEM;
>  
>  	if (ports > 1)
> -		sprintf(port_name, "%s_port%d", dev->device.name, port);
> +		snprintf(port_name, 100, "%s_port%d", dev->device.name, port);
>  	else
> -		sprintf(port_name, "%s", dev->device.name);
> +		snprintf(port_name, 100, "%s", dev->device.name);

This can be done as strlcat() but I leave this to Alejandro, unless you don't
get his feedback I think good to continue as it is.

<...>

> @@ -3530,8 +3533,9 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp *cpp,
>  
>  	PMD_DRV_LOG(INFO, "Port speed: %u", nfp_eth_table->ports[0].speed);
>  
> -	sprintf(card_desc, "nic_%s_%dx%d.nffw", nfp_fw_model,
> -		nfp_eth_table->count, nfp_eth_table->ports[0].speed / 1000);
> +	snprintf(card_desc, sizeof(card_desc), "nic_%s_%dx%d.nffw",
> +			nfp_fw_model, nfp_eth_table->count,
> +				nfp_eth_table->ports[0].speed / 1000);

Can you please fix the indentation?


More information about the dev mailing list