diff mbox

[dpdk-dev,v4,07/18] net/nfp/nfpcore: off-by-one and no NUL on strncpy use

Message ID 152600315096.53146.4309625575083492451.stgit@localhost.localdomain (mailing list archive)
State Superseded, archived
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Andy Green May 11, 2018, 1:45 a.m. UTC 
  /home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:
76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from
a string of length 8 [-Werror=stringop-truncation]
  strncpy(name_pad, res->name, sizeof(name_pad));

Signed-off-by: Andy Green <andy@warmcat.com>
---
 drivers/net/nfp/nfpcore/nfp_resource.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

De Lara Guarch, Pablo May 11, 2018, 10:33 a.m. UTC | #1 
> -----Original Message-----

> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Andy Green

> Sent: Friday, May 11, 2018 2:46 AM

> To: dev@dpdk.org

> Subject: [dpdk-dev] [PATCH v4 07/18] net/nfp/nfpcore: off-by-one and no NUL

> on strncpy use

> 

> /home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:

> 76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from a string of

> length 8 [-Werror=stringop-truncation]

>   strncpy(name_pad, res->name, sizeof(name_pad));

> 

> Signed-off-by: Andy Green <andy@warmcat.com>

> ---

>  drivers/net/nfp/nfpcore/nfp_resource.c |   10 ++++++----

>  1 file changed, 6 insertions(+), 4 deletions(-)

> 

> diff --git a/drivers/net/nfp/nfpcore/nfp_resource.c

> b/drivers/net/nfp/nfpcore/nfp_resource.c

> index e1df2b2e1..dd41fa4de 100644

> --- a/drivers/net/nfp/nfpcore/nfp_resource.c

> +++ b/drivers/net/nfp/nfpcore/nfp_resource.c


...

> -	memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);

> -	strncpy(name_pad, res->name, sizeof(name_pad));

> +	memset(name_pad, 0, sizeof(name_pad));

> +	strlcpy(name_pad, res->name, sizeof(name_pad));


I think memset is not required, as strlcpy already null terminate the buffer.

...

Missing fixes line.

Fixes: c7e9729da6b5 ("net/nfp: support CPP")

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Andy Green May 12, 2018, 1:17 a.m. UTC | #2 
On 05/11/2018 06:33 PM, De Lara Guarch, Pablo wrote:
> 
> 
>> -----Original Message-----
>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Andy Green
>> Sent: Friday, May 11, 2018 2:46 AM
>> To: dev@dpdk.org
>> Subject: [dpdk-dev] [PATCH v4 07/18] net/nfp/nfpcore: off-by-one and no NUL
>> on strncpy use
>>
>> /home/agreen/projects/dpdk/drivers/net/nfp/nfpcore/nfp_resource.c:
>> 76:2:error: ‘strncpy’ output may be truncated copying 8 bytes from a string of
>> length 8 [-Werror=stringop-truncation]
>>    strncpy(name_pad, res->name, sizeof(name_pad));
>>
>> Signed-off-by: Andy Green <andy@warmcat.com>
>> ---
>>   drivers/net/nfp/nfpcore/nfp_resource.c |   10 ++++++----
>>   1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/net/nfp/nfpcore/nfp_resource.c
>> b/drivers/net/nfp/nfpcore/nfp_resource.c
>> index e1df2b2e1..dd41fa4de 100644
>> --- a/drivers/net/nfp/nfpcore/nfp_resource.c
>> +++ b/drivers/net/nfp/nfpcore/nfp_resource.c
> 
> ...
> 
>> -	memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);
>> -	strncpy(name_pad, res->name, sizeof(name_pad));
>> +	memset(name_pad, 0, sizeof(name_pad));
>> +	strlcpy(name_pad, res->name, sizeof(name_pad));
> 
> I think memset is not required, as strlcpy already null terminate the buffer.

It seems required to keep it, because of the exciting code just below it:

         /* Search for a matching entry */
         if (!memcmp(name_pad, NFP_RESOURCE_TBL_NAME "\0\0\0\0\0\0\0\0", 
8)) {
                 printf("Grabbing device lock not supported\n");
                 return -EOPNOTSUPP;
         }

-Andy

> ...
> 
> Missing fixes line.
> 
> Fixes: c7e9729da6b5 ("net/nfp: support CPP")
> 
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
>
diff mbox

Patch

diff --git a/drivers/net/nfp/nfpcore/nfp_resource.c b/drivers/net/nfp/nfpcore/nfp_resource.c
index e1df2b2e1..dd41fa4de 100644
--- a/drivers/net/nfp/nfpcore/nfp_resource.c
+++ b/drivers/net/nfp/nfpcore/nfp_resource.c
@@ -7,6 +7,8 @@ 
 #include <time.h>
 #include <endian.h>
 
+#include <rte_string_fns.h>
+
 #include "nfp_cpp.h"
 #include "nfp6000/nfp6000.h"
 #include "nfp_resource.h"
@@ -65,22 +67,22 @@  struct nfp_resource {
 static int
 nfp_cpp_resource_find(struct nfp_cpp *cpp, struct nfp_resource *res)
 {
-	char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ] = {};
+	char name_pad[NFP_RESOURCE_ENTRY_NAME_SZ + 2];
 	struct nfp_resource_entry entry;
 	uint32_t cpp_id, key;
 	int ret, i;
 
 	cpp_id = NFP_CPP_ID(NFP_RESOURCE_TBL_TARGET, 3, 0);  /* Atomic read */
 
-	memset(name_pad, 0, NFP_RESOURCE_ENTRY_NAME_SZ);
-	strncpy(name_pad, res->name, sizeof(name_pad));
+	memset(name_pad, 0, sizeof(name_pad));
+	strlcpy(name_pad, res->name, sizeof(name_pad));
 
 	/* Search for a matching entry */
 	if (!memcmp(name_pad, NFP_RESOURCE_TBL_NAME "\0\0\0\0\0\0\0\0", 8)) {
 		printf("Grabbing device lock not supported\n");
 		return -EOPNOTSUPP;
 	}
-	key = nfp_crc32_posix(name_pad, sizeof(name_pad));
+	key = nfp_crc32_posix(name_pad, NFP_RESOURCE_ENTRY_NAME_SZ);
 
 	for (i = 0; i < NFP_RESOURCE_TBL_ENTRIES; i++) {
 		uint64_t addr = NFP_RESOURCE_TBL_BASE +