[dpdk-dev] [PATCH] examples/ipsec-secgw: fix copy into fixed size buffer issue

Ferruh Yigit ferruh.yigit at intel.com
Fri Nov 4 15:15:40 CET 2016


On 11/3/2016 12:12 PM, Fan Zhang wrote:
> Coverity issue: 137875
> Fixes: 0d547ed0 ("examples/ipsec-secgw: support configuration
> file")
> 
> Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
> ---
>  examples/ipsec-secgw/sa.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 9e2c8a9..c891be2 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -177,7 +177,7 @@ parse_key_string(const char *key_str, uint8_t *key)
>  		pt_end = strchr(pt_start, ':');
>  
>  		if (pt_end == NULL)
> -			strncpy(sub_str, pt_start, strlen(pt_start));
> +			strncpy(sub_str, pt_start, strlen(sub_str) - 1);

sub_str initial value is not known, "strlen(sub_str) - 1" leaves last
byte of the string random, instead of intended NULL.

Also sub_str has hardcoded length of 3, it can be good to confirm NULL
terminated byte taken into account, and number actually can be maximum
two digits long.

>  		else {
>  			if (pt_end - pt_start > 2)
>  				return 0;
> 



More information about the dev mailing list