[dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API

Thomas Monjalon thomas at monjalon.net
Tue May 22 19:47:39 CEST 2018


18/05/2018 01:32, Changpeng Liu:
> Signed-off-by: Changpeng Liu <changpeng.liu at intel.com>

Missing explanations.

> -			strlcpy((char *)vpage->params, bdev->name,
> -					sizeof(vpage->params));
> +			vhost_strcpy_pad((char *)vpage->params, bdev->name,
> +					sizeof(vpage->params), ' ');

Why do you think vhost_strcpy_pad is safer than strlcpy?

> -	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> -	strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
> +	snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name);
> +	snprintf(bdev->product_name, sizeof(bdev->product_name),
> +		"%s", bdev_serial);

You should use strlcpy.




More information about the dev mailing list