[dpdk-dev] [PATCH 06/10] lib/librte_pipeline: fix the use of unsafe strcpy
Dumitrescu, Cristian
cristian.dumitrescu at intel.com
Mon Jul 3 12:57:22 CEST 2023
> -----Original Message-----
> From: Stephen Hemminger <stephen at networkplumber.org>
> Sent: Friday, June 30, 2023 7:09 PM
> To: Min Hu (Connor) <humin29 at huawei.com>
> Cc: dev at dpdk.org; ferruh.yigit at intel.com; Dumitrescu, Cristian
> <cristian.dumitrescu at intel.com>; jerinj at marvell.com;
> jianjay.zhou at huawei.com; jia.guo at intel.com; g.singh at nxp.com;
> andrew.rybchenko at oktetlabs.ru; hemant.agrawal at nxp.com; orika at nvidia.com
> Subject: Re: [dpdk-dev] [PATCH 06/10] lib/librte_pipeline: fix the use of unsafe
> strcpy
>
> On Mon, 19 Apr 2021 21:34:45 +0800
> "Min Hu (Connor)" <humin29 at huawei.com> wrote:
>
> > From: HongBo Zheng <zhenghongbo3 at huawei.com>
> >
> > 'strcpy' is called in rte_swx_ctl_table_info_get, this function
> > is unsafe, use 'strncpy' instead.
> >
> > Fixes: 393b96e2aa2a ("pipeline: add SWX pipeline query API")
> > Cc: stable at dpdk.org
> >
> > Signed-off-by: HongBo Zheng <zhenghongbo3 at huawei.com>
> > Signed-off-by: Min Hu (Connor) <humin29 at huawei.com>
> > ---
> > lib/librte_pipeline/rte_swx_pipeline.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/lib/librte_pipeline/rte_swx_pipeline.c
> b/lib/librte_pipeline/rte_swx_pipeline.c
> > index 4455d91..d4db4dd 100644
> > --- a/lib/librte_pipeline/rte_swx_pipeline.c
> > +++ b/lib/librte_pipeline/rte_swx_pipeline.c
> > @@ -9447,8 +9447,8 @@ rte_swx_ctl_table_info_get(struct rte_swx_pipeline
> *p,
> > if (!t)
> > return -EINVAL;
> >
> > - strcpy(table->name, t->name);
> > - strcpy(table->args, t->args);
> > + strncpy(table->name, t->name, RTE_SWX_CTL_NAME_SIZE);
> > + strncpy(table->args, t->args, RTE_SWX_CTL_NAME_SIZE);
> > table->n_match_fields = t->n_fields;
> > table->n_actions = t->n_actions;
> > table->default_action_is_const = t->default_action_is_const;
>
> This patch is unnecessary.
> Both structures declare the same size for the name and args.
> Therefore the strcpy is always safe as long as the table structure
> is correctly setup with null terminated string. If not there are worse bugs.
+1
Agree with Steve, this is not necessary here.
More information about the dev
mailing list