[dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Changpeng Liu
changpeng.liu at intel.com
Fri May 18 01:32:12 CEST 2018
Signed-off-by: Changpeng Liu <changpeng.liu at intel.com>
---
examples/vhost_scsi/scsi.c | 23 ++++++++++++-----------
examples/vhost_scsi/vhost_scsi.c | 5 +++--
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
index 0c2fa3e..1572098 100644
--- a/examples/vhost_scsi/scsi.c
+++ b/examples/vhost_scsi/scsi.c
@@ -182,8 +182,8 @@
break;
case SPC_VPD_UNIT_SERIAL_NUMBER:
hlen = 4;
- strlcpy((char *)vpage->params, bdev->name,
- sizeof(vpage->params));
+ vhost_strcpy_pad((char *)vpage->params, bdev->name,
+ sizeof(vpage->params), ' ');
vpage->alloc_len = rte_cpu_to_be_16(32);
break;
case SPC_VPD_DEVICE_IDENTIFICATION:
@@ -217,10 +217,11 @@
desig->piv = 1;
desig->reserved1 = 0;
desig->len = 8 + 16 + 32;
- strlcpy((char *)desig->desig, "INTEL", 8);
+ vhost_strcpy_pad((char *)desig->desig, "INTEL", 8, ' ');
vhost_strcpy_pad((char *)&desig->desig[8],
bdev->product_name, 16, ' ');
- strlcpy((char *)&desig->desig[24], bdev->name, 32);
+ vhost_strcpy_pad((char *)&desig->desig[24], bdev->name,
+ 32, ' ');
len += sizeof(struct scsi_desig_desc) + 8 + 16 + 32;
buf += sizeof(struct scsi_desig_desc) + desig->len;
@@ -277,17 +278,17 @@
inqdata->flags3 = 0x2;
/* T10 VENDOR IDENTIFICATION */
- strlcpy((char *)inqdata->t10_vendor_id, "INTEL",
- sizeof(inqdata->t10_vendor_id));
+ vhost_strcpy_pad((char *)inqdata->t10_vendor_id, "INTEL",
+ sizeof(inqdata->t10_vendor_id), ' ');
/* PRODUCT IDENTIFICATION */
- snprintf((char *)inqdata->product_id,
- RTE_DIM(inqdata->product_id), "%s",
- bdev->product_name);
+ vhost_strcpy_pad((char *)inqdata->product_id,
+ bdev->product_name,
+ sizeof(inqdata->product_id), ' ');
/* PRODUCT REVISION LEVEL */
- strlcpy((char *)inqdata->product_rev, "0001",
- sizeof(inqdata->product_rev));
+ vhost_strcpy_pad((char *)inqdata->product_rev, "0001",
+ sizeof(inqdata->product_rev), ' ');
/* Standard inquiry data ends here. Only populate
* remaining fields if alloc_len indicates enough
diff --git a/examples/vhost_scsi/vhost_scsi.c b/examples/vhost_scsi/vhost_scsi.c
index a1d542b..4e57462 100644
--- a/examples/vhost_scsi/vhost_scsi.c
+++ b/examples/vhost_scsi/vhost_scsi.c
@@ -183,8 +183,9 @@ static uint64_t gpa_to_vva(int vid, uint64_t gpa, uint64_t *len)
if (!bdev)
return NULL;
- strncpy(bdev->name, bdev_name, sizeof(bdev->name));
- strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
+ snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name);
+ snprintf(bdev->product_name, sizeof(bdev->product_name),
+ "%s", bdev_serial);
bdev->blocklen = blk_size;
bdev->blockcnt = blk_cnt;
bdev->write_cache = wce_enable;
--
1.9.3
More information about the dev
mailing list