[dpdk-dev] [PATCH] bus/pci: fix driver name string manipulation
Andy Green
andy at warmcat.com
Tue May 15 12:19:19 CEST 2018
On 05/15/2018 06:03 PM, Jerin Jacob wrote:
> sizeof(dri_name) is 8B on 64Bit systems.The intended operation is coping
> the string after '/' from the string `name`.
>
> This bug is not letting to probe any device string >8B hence results in
> the testpmd error("No ethernet devices found) on some PMDs.
You are right... but...
> Cc: Andy Green <andy at warmcat.com>
> Cc: Pablo de Lara <pablo.de.lara.guarch at intel.com>
>
> Fixes: fe5f777b538 ("bus/pci: replace strncpy by strlcpy")
>
> Signed-off-by: Jerin Jacob <jerin.jacob at caviumnetworks.com>
> ---
> drivers/bus/pci/linux/pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bus/pci/linux/pci.c b/drivers/bus/pci/linux/pci.c
> index a73ee49c2..cd45875b1 100644
> --- a/drivers/bus/pci/linux/pci.c
> +++ b/drivers/bus/pci/linux/pci.c
> @@ -54,7 +54,7 @@ pci_get_kernel_driver_by_path(const char *filename, char *dri_name)
>
> name = strrchr(path, '/');
> if (name) {
> - strlcpy(dri_name, name + 1, sizeof(dri_name));
> + strlcpy(dri_name, name + 1, strlen(name));
... this fix is no good. The underlying problem is the length of
dri_name is not getting passed into this function... it just doesn't
know how much of dri_name is safe to use. Telling it to use the
strlen() of something unrelated is going to make buffer overflows possible.
I sent a patch to the list a few hours ago that amends this function to
take the allocated length of dri_name, and sets the limit for the
strlcpy() to that, so no matter what turns up in name it's not possible
to blow past dri_name allocation.
[dpdk-dev] [PATCH] bus/pci: correct the earlier strlcpy conversion
-Andy
> return 0;
> }
>
>
More information about the dev
mailing list