[dpdk-dev] [PATCH 2/3] pdump: fix string overflow
Reshma Pattan
reshma.pattan at intel.com
Tue Jun 21 17:18:04 CEST 2016
using source length in strncpy can cause destination
overflow if destination length is not big enough to
handle the source string. Changes are made to use destination
size instead of source length in strncpy.
Cverity issue 127350: string overflow
Fixes: 278f945402c5 ("pdump: add new library for packet capture")
Signed-off-by: Reshma Pattan <reshma.pattan at intel.com>
---
lib/librte_pdump/rte_pdump.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/librte_pdump/rte_pdump.c b/lib/librte_pdump/rte_pdump.c
index dbc6816..05513d6 100644
--- a/lib/librte_pdump/rte_pdump.c
+++ b/lib/librte_pdump/rte_pdump.c
@@ -460,8 +460,7 @@ pdump_get_socket_path(char *buffer, int bufsz, enum rte_pdump_socktype type)
SOCKET_PATH_HOME, __func__, __LINE__);
return -1;
}
- }
- else
+ } else
dir = SOCKET_PATH_VAR_RUN;
}
@@ -800,13 +799,15 @@ pdump_prepare_client_request(char *device, uint16_t queue,
req.flags = flags;
req.op = operation;
if ((operation & ENABLE) != 0) {
- strncpy(req.data.en_v1.device, device, strlen(device));
+ strncpy(req.data.en_v1.device, device,
+ sizeof(req.data.en_v1.device)-1);
req.data.en_v1.queue = queue;
req.data.en_v1.ring = ring;
req.data.en_v1.mp = mp;
req.data.en_v1.filter = filter;
} else {
- strncpy(req.data.dis_v1.device, device, strlen(device));
+ strncpy(req.data.dis_v1.device, device,
+ sizeof(req.data.dis_v1.device)-1);
req.data.dis_v1.queue = queue;
req.data.dis_v1.ring = NULL;
req.data.dis_v1.mp = NULL;
--
2.5.0
More information about the dev
mailing list