[dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API

Changpeng Liu changpeng.liu at intel.com
Fri May 18 01:32:12 CEST 2018

Previous message: [dpdk-dev] [PATCH 1/2] examples/vhost_scsi: add virtio-1.0 feature bit support
Next message: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Signed-off-by: Changpeng Liu <changpeng.liu at intel.com>
---
 examples/vhost_scsi/scsi.c       | 23 ++++++++++++-----------
 examples/vhost_scsi/vhost_scsi.c |  5 +++--
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
index 0c2fa3e..1572098 100644
--- a/examples/vhost_scsi/scsi.c
+++ b/examples/vhost_scsi/scsi.c
@@ -182,8 +182,8 @@
 			break;
 		case SPC_VPD_UNIT_SERIAL_NUMBER:
 			hlen = 4;
-			strlcpy((char *)vpage->params, bdev->name,
-					sizeof(vpage->params));
+			vhost_strcpy_pad((char *)vpage->params, bdev->name,
+					sizeof(vpage->params), ' ');
 			vpage->alloc_len = rte_cpu_to_be_16(32);
 			break;
 		case SPC_VPD_DEVICE_IDENTIFICATION:
@@ -217,10 +217,11 @@
 			desig->piv = 1;
 			desig->reserved1 = 0;
 			desig->len = 8 + 16 + 32;
-			strlcpy((char *)desig->desig, "INTEL", 8);
+			vhost_strcpy_pad((char *)desig->desig, "INTEL", 8, ' ');
 			vhost_strcpy_pad((char *)&desig->desig[8],
 					 bdev->product_name, 16, ' ');
-			strlcpy((char *)&desig->desig[24], bdev->name, 32);
+			vhost_strcpy_pad((char *)&desig->desig[24], bdev->name,
+					32, ' ');
 			len += sizeof(struct scsi_desig_desc) + 8 + 16 + 32;
 
 			buf += sizeof(struct scsi_desig_desc) + desig->len;
@@ -277,17 +278,17 @@
 		inqdata->flags3 = 0x2;
 
 		/* T10 VENDOR IDENTIFICATION */
-		strlcpy((char *)inqdata->t10_vendor_id, "INTEL",
-			sizeof(inqdata->t10_vendor_id));
+		vhost_strcpy_pad((char *)inqdata->t10_vendor_id, "INTEL",
+			sizeof(inqdata->t10_vendor_id), ' ');
 
 		/* PRODUCT IDENTIFICATION */
-		snprintf((char *)inqdata->product_id,
-				RTE_DIM(inqdata->product_id), "%s",
-				bdev->product_name);
+		vhost_strcpy_pad((char *)inqdata->product_id,
+				bdev->product_name,
+				sizeof(inqdata->product_id), ' ');
 
 		/* PRODUCT REVISION LEVEL */
-		strlcpy((char *)inqdata->product_rev, "0001",
-			sizeof(inqdata->product_rev));
+		vhost_strcpy_pad((char *)inqdata->product_rev, "0001",
+			sizeof(inqdata->product_rev), ' ');
 
 		/* Standard inquiry data ends here. Only populate
 		 * remaining fields if alloc_len indicates enough
diff --git a/examples/vhost_scsi/vhost_scsi.c b/examples/vhost_scsi/vhost_scsi.c
index a1d542b..4e57462 100644
--- a/examples/vhost_scsi/vhost_scsi.c
+++ b/examples/vhost_scsi/vhost_scsi.c
@@ -183,8 +183,9 @@ static uint64_t gpa_to_vva(int vid, uint64_t gpa, uint64_t *len)
 	if (!bdev)
 		return NULL;
 
-	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
-	strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
+	snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name);
+	snprintf(bdev->product_name, sizeof(bdev->product_name),
+		"%s", bdev_serial);
 	bdev->blocklen = blk_size;
 	bdev->blockcnt = blk_cnt;
 	bdev->write_cache = wce_enable;
-- 
1.9.3

Previous message: [dpdk-dev] [PATCH 1/2] examples/vhost_scsi: add virtio-1.0 feature bit support
Next message: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list