[dpdk-dev] [PATCH v5] drivers: fix possible overflow with strcat
Ferruh Yigit
ferruh.yigit at intel.com
Wed Mar 13 19:39:59 CET 2019
On 3/7/2019 12:56 PM, Chaitanya Babu Talluri wrote:
> strcat does not check the destination length and there might be
> chances of string overflow so instead of strcat, strlcat is used.
>
> Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
> Fixes: 540a211084 ("bnx2x: driver core")
> Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
> Cc: stable at dpdk.org
>
> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu at intel.com>
> ---
> v5: Removed strcat.
You also dropped "drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c" change which was
in v4, intentional?
> v4: Corrected usage of strlcat.
> v3: Instead of strncat, used strlcat.
> v2: Instead of strncat, used snprintf.
> ---
> app/test/test_cryptodev.c | 3 ++-
test_cryptodev.c is not driver, also for organizational issues, can you send it
as separate patch?
When it is removed, you can use "drivers/net: ..." in patch title.
> drivers/net/bnx2x/bnx2x.c | 5 +++--
> drivers/net/i40e/i40e_ethdev.c | 4 ++--
> 3 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index 32f1893bc..8d5c138a5 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -11,6 +11,7 @@
> #include <rte_memcpy.h>
> #include <rte_pause.h>
> #include <rte_bus_vdev.h>
> +#include <rte_string_fns.h>
>
> #include <rte_crypto.h>
> #include <rte_cryptodev.h>
> @@ -375,7 +376,7 @@ testsuite_setup(void)
> snprintf(vdev_args, sizeof(vdev_args),
> "%s%d", temp_str, i);
> strcpy(temp_str, vdev_args);
> - strcat(temp_str, ";");
> + strlcat(temp_str, ";", sizeof(temp_str));
> slave_core_count++;
> socket_id = lcore_config[i].socket_id;
> }
> diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
> index 26b3828e8..ab092e23f 100644
> --- a/drivers/net/bnx2x/bnx2x.c
> +++ b/drivers/net/bnx2x/bnx2x.c
> @@ -25,6 +25,7 @@
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <zlib.h>
> +#include <rte_string_fns.h>
>
> #define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
> #define BNX2X_PMD_VERSION_MAJOR 1
> @@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t flags)
>
> for (i = 0; i < 5; i++)
> if (flags & (1 << i)) {
> - strcat(flag_str, flag[i]);
> + strlcat(flag_str, flag[i], sizeof(flag_str));
> flags ^= (1 << i);
> }
> if (flags) {
> static char unknown[BNX2X_INFO_STR_MAX];
> snprintf(unknown, 32, "Unknown flag mask %x", flags);
> - strcat(flag_str, unknown);
> + strlcat(flag_str, unknown, sizeof(flag_str));
> }
> return flag_str;
> }
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index dca61f03a..9bc9a4390 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
> for (n = 0; n < proto_num; n++) {
> if (proto[n].proto_id != proto_id)
> continue;
> - strcat(name, proto[n].name);
> - strcat(name, "_");
> + strlcat(name, proto[n].name, sizeof(name));
> + strlcat(name, "_", sizeof(name));
> break;
> }
> }
>
More information about the dev
mailing list