[dpdk-dev,v4] examples/vhost_scsi: fix buffer not terminated
Checks
Commit Message
Use snprintf instead strncpy to get safe null string termination.
There was possible to get not terminated string after strncpy operation.
Coverity issue: 158631
Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
Cc: changpeng.liu@intel.com
Cc: stable@dpdk.org
Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
v4: RTE_DIM instead ARRAY_SIZE
v3: checkpatch fix
v2: snprintf instead strncpy
---
examples/vhost_scsi/scsi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Comments
25/10/2017 12:07, Jacek Piasecki:
> Use snprintf instead strncpy to get safe null string termination.
> There was possible to get not terminated string after strncpy operation.
>
> Coverity issue: 158631
> Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
> Cc: changpeng.liu@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> Acked-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
> v4: RTE_DIM instead ARRAY_SIZE
> v3: checkpatch fix
> v2: snprintf instead strncpy
Applied, thanks
@@ -307,7 +307,9 @@ vhost_bdev_scsi_inquiry_command(struct vhost_block_dev *bdev,
strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
/* PRODUCT IDENTIFICATION */
- strncpy((char *)inqdata->product_id, bdev->product_name, 16);
+ snprintf((char *)inqdata->product_id,
+ RTE_DIM(inqdata->product_id), "%s",
+ bdev->product_name);
/* PRODUCT REVISION LEVEL */
strncpy((char *)inqdata->product_rev, "0001", 4);