[dpdk-dev,v3] examples/vhost_scsi: fix buffer not terminated

Message ID 1507808061-37679-1-git-send-email-jacekx.piasecki@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Yuanhan Liu

Checks

Context               Check    Description
ci/checkpatch         success  coding style OK
ci/Intel-compilation  success  Compilation OK

Commit Message

Jacek Piasecki Oct. 12, 2017, 11:34 a.m. UTC
Use snprintf instead of strncpy to get safe null string termination.
It was possible to get a non-terminated string after the strncpy operation.

Coverity issue: 158631
Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
Cc: changpeng.liu@intel.com
Cc: stable@dpdk.org

Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
---
 examples/vhost_scsi/scsi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
  

Comments

Maxime Coquelin Oct. 13, 2017, 7:12 a.m. UTC | #1
On 10/12/2017 01:34 PM, Jacek Piasecki wrote:
> Use snprintf instead of strncpy to get safe null string termination.
> It was possible to get a non-terminated string after the strncpy operation.
> 
> Coverity issue: 158631
> Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
> Cc: changpeng.liu@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> ---
>   examples/vhost_scsi/scsi.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
> index 54d3104..2de3110 100644
> --- a/examples/vhost_scsi/scsi.c
> +++ b/examples/vhost_scsi/scsi.c
> @@ -307,7 +307,9 @@ vhost_bdev_scsi_inquiry_command(struct vhost_block_dev *bdev,
>   		strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
>   
>   		/* PRODUCT IDENTIFICATION */
> -		strncpy((char *)inqdata->product_id, bdev->product_name, 16);
> +		snprintf((char *)inqdata->product_id,
> +				ARRAY_SIZE(inqdata->product_id), "%s",
> +				bdev->product_name);
>   
>   		/* PRODUCT REVISION LEVEL */
>   		strncpy((char *)inqdata->product_rev, "0001", 4);
> 
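Review bot: the added snprintf on product_id writes at most ARRAY_SIZE(inqdata->product_id) - 1 characters plus a NUL, while the removed strncpy with length 16 could fill all 16 bytes, so a product name that fills the field now loses its last character. The context line `strncpy((char *)inqdata->product_rev, "0001", 4)` copies four characters with no terminator, which suggests these inquiry fields are fixed-width rather than C strings. Please state in the commit message whether product_id is meant to be NUL-terminated, and if termination does matter, treat the t10_vendor_id and product_rev copies in the same hunk consistently instead of changing only one of the three.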

Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Thanks,
Maxime
  
Yuanhan Liu Oct. 17, 2017, 1:26 p.m. UTC | #2
On Fri, Oct 13, 2017 at 09:12:33AM +0200, Maxime Coquelin wrote:
> 
> 
> On 10/12/2017 01:34 PM, Jacek Piasecki wrote:
> >Use snprintf instead of strncpy to get safe null string termination.
> >It was possible to get a non-terminated string after the strncpy operation.
> >
> >Coverity issue: 158631
> >Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
> >Cc: changpeng.liu@intel.com
> >Cc: stable@dpdk.org
> >
> >Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> >---
> >  examples/vhost_scsi/scsi.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> >diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
> >index 54d3104..2de3110 100644
> >--- a/examples/vhost_scsi/scsi.c
> >+++ b/examples/vhost_scsi/scsi.c
> >@@ -307,7 +307,9 @@ vhost_bdev_scsi_inquiry_command(struct vhost_block_dev *bdev,
> >  		strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
> >  		/* PRODUCT IDENTIFICATION */
> >-		strncpy((char *)inqdata->product_id, bdev->product_name, 16);
> >+		snprintf((char *)inqdata->product_id,
> >+				ARRAY_SIZE(inqdata->product_id), "%s",
> >+				bdev->product_name);
> >  		/* PRODUCT REVISION LEVEL */
> >  		strncpy((char *)inqdata->product_rev, "0001", 4);
> >
> 
> Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Firstly, sorry for the late response. And,

Applied to dpdk-next-virtio. Thanks!

	--yliu
  
Thomas Monjalon Oct. 24, 2017, 4:22 p.m. UTC | #3
17/10/2017 15:26, Yuanhan Liu:
> On Fri, Oct 13, 2017 at 09:12:33AM +0200, Maxime Coquelin wrote:
> > On 10/12/2017 01:34 PM, Jacek Piasecki wrote:
> > >--- a/examples/vhost_scsi/scsi.c
> > >+++ b/examples/vhost_scsi/scsi.c
> > >@@ -307,7 +307,9 @@ vhost_bdev_scsi_inquiry_command(struct vhost_block_dev *bdev,
> > >  		strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
> > >  		/* PRODUCT IDENTIFICATION */
> > >-		strncpy((char *)inqdata->product_id, bdev->product_name, 16);
> > >+		snprintf((char *)inqdata->product_id,
> > >+				ARRAY_SIZE(inqdata->product_id), "%s",
> > >+				bdev->product_name);
> > >  		/* PRODUCT REVISION LEVEL */
> > >  		strncpy((char *)inqdata->product_rev, "0001", 4);
> > 
> > Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> 
> Firstly, sorry for the late response. And,
> 
> Applied to dpdk-next-virtio. Thanks!

I don't know where this ARRAY_SIZE comes from.
It does not compile.
In DPDK you can use RTE_DIM.

This patch is removed from the next-virtio pull queue.
  

Patch

diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
index 54d3104..2de3110 100644
--- a/examples/vhost_scsi/scsi.c
+++ b/examples/vhost_scsi/scsi.c
@@ -307,7 +307,9 @@  vhost_bdev_scsi_inquiry_command(struct vhost_block_dev *bdev,
 		strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
 
 		/* PRODUCT IDENTIFICATION */
-		strncpy((char *)inqdata->product_id, bdev->product_name, 16);
+		snprintf((char *)inqdata->product_id,
+				ARRAY_SIZE(inqdata->product_id), "%s",
+				bdev->product_name);
 
 		/* PRODUCT REVISION LEVEL */
 		strncpy((char *)inqdata->product_rev, "0001", 4);
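Review bot: ARRAY_SIZE in the added snprintf call is neither defined nor included by this patch, which changes only these lines of scsi.c, so the build depends on a macro the diff does not provide. DPDK's rte_common.h offers RTE_DIM for element counts; use `RTE_DIM(inqdata->product_id)`, or `sizeof(inqdata->product_id)` if the field is a byte array as the `(char *)` cast suggests, and add the include if scsi.c does not already pull it in.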