[dpdk-dev] [PATCH] ethdev: fix invalid length write on dev detach

[Gaetan Rivet]

The name of a device is copied in a provided buffer within
rte_eth_dev_detach(). The current sizeof is done on a pointer instead of
the intended array usually pointed to.

The name field of an rte_device is not assured however to point an
rte_devargs name field. The almost correct length to base this copy over
is thus RTE_DEV_NAME_MAX_LEN.

Almost correct, because unfortunately this function does not allow the
user to pass down a size parameter for the buffer it is meant to write.
This API should be fixed, it is broken by design.

Fixes: a1e7c17555e8 ("ethdev: use device name from device structure")
Cc: Ferruh Yigit <ferruh.yigit at intel.com>

Signed-off-by: Gaetan Rivet <gaetan.rivet at 6wind.com>
---
 lib/librte_ether/rte_ethdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c
index 805ef63..0597641 100644
--- a/lib/librte_ether/rte_ethdev.c
+++ b/lib/librte_ether/rte_ethdev.c
@@ -436,8 +436,8 @@ rte_eth_dev_detach(uint8_t port_id, char *name)
 	if (rte_eth_dev_is_detachable(port_id))
 		goto err;
 
-	snprintf(name, sizeof(rte_eth_devices[port_id].device->name),
-		 "%s", rte_eth_devices[port_id].device->name);
+	snprintf(name, RTE_DEV_NAME_MAX_LEN, "%s",
+		 rte_eth_devices[port_id].device->name);
 
 	ret = rte_eal_dev_detach(rte_eth_devices[port_id].device);
 	if (ret < 0)
-- 
2.1.4