[v4] drivers: fix possible overflow with strcat
Commit Message
strcat does not check the destination length, so the destination
buffer can overflow; strlcat is used instead of strcat.
Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
Fixes: 540a211084 ("bnx2x: driver core")
Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
Fixes: ef28aa96e5 ("net/nfp: support multiprocess")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
---
v4: Corrected usage of strlcat.
v3: Instead of strncat, used strlcat.
v2: Instead of strncat, used snprintf.
---
app/test/test_cryptodev.c | 3 ++-
drivers/net/bnx2x/bnx2x.c | 4 +++-
drivers/net/i40e/i40e_ethdev.c | 4 ++--
drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c | 10 ++++++----
4 files changed, 13 insertions(+), 8 deletions(-)
Comments
<...>
> @@ -11734,13 +11735,14 @@ static const char *get_bnx2x_flags(uint32_t flags)
>
> for (i = 0; i < 5; i++)
> if (flags & (1 << i)) {
> - strcat(flag_str, flag[i]);
> + strlcat(flag_str, flag[i], sizeof(flag_str));
> flags ^= (1 << i);
> }
> if (flags) {
> static char unknown[BNX2X_INFO_STR_MAX];
> snprintf(unknown, 32, "Unknown flag mask %x", flags);
> strcat(flag_str, unknown);
> + strlcat(flag_str, unknown, sizeof(flag_str));
The intention is to replace the 'strcat', right? It seems the old code was not removed.
@@ -15,6 +15,7 @@
#include <rte_crypto.h>
#include <rte_cryptodev.h>
#include <rte_cryptodev_pmd.h>
+#include <rte_string_fns.h>
#ifdef RTE_LIBRTE_PMD_CRYPTO_SCHEDULER
#include <rte_cryptodev_scheduler.h>
@@ -375,7 +376,7 @@ testsuite_setup(void)
snprintf(vdev_args, sizeof(vdev_args),
"%s%d", temp_str, i);
strcpy(temp_str, vdev_args);
- strcat(temp_str, ";");
+ strlcat(temp_str, ";", sizeof(temp_str));
slave_core_count++;
socket_id = lcore_config[i].socket_id;
}
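Review bot: The `strcpy(temp_str, vdev_args)` on the context line just above the changed call is still unbounded, so if `vdev_args` can hold more than `temp_str` the overflow happens before the new `strlcat` runs. Since `rte_string_fns.h` is now included, that line could become `strlcpy(temp_str, vdev_args, sizeof(temp_str));`. Both buffers are declared outside the hunk, so `sizeof(temp_str)` is only the right bound if `temp_str` is an array there and not a pointer. The body of testsuite_setup starts and ends outside the hunk.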
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <zlib.h>
+#include <rte_string_fns.h>
#define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
#define BNX2X_PMD_VERSION_MAJOR 1
@@ -11734,13 +11735,14 @@ static const char *get_bnx2x_flags(uint32_t flags)
for (i = 0; i < 5; i++)
if (flags & (1 << i)) {
- strcat(flag_str, flag[i]);
+ strlcat(flag_str, flag[i], sizeof(flag_str));
flags ^= (1 << i);
}
if (flags) {
static char unknown[BNX2X_INFO_STR_MAX];
snprintf(unknown, 32, "Unknown flag mask %x", flags);
strcat(flag_str, unknown);
+ strlcat(flag_str, unknown, sizeof(flag_str));
}
return flag_str;
}
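Review bot: `snprintf(unknown, 32, ...)` bounds the write with a literal 32 while the buffer is declared as `unknown[BNX2X_INFO_STR_MAX]` on the line above; the bound should come from the buffer itself, `snprintf(unknown, sizeof(unknown), "Unknown flag mask %x", flags);`, so the two cannot drift apart if the macro changes. In the loop, `1 << i` is a signed shift applied to a `uint32_t` mask, and `1U << i` would match the operand type. `flag_str` is declared outside the hunk, so `sizeof(flag_str)` assumes it is an array rather than a pointer.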
@@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
for (n = 0; n < proto_num; n++) {
if (proto[n].proto_id != proto_id)
continue;
- strcat(name, proto[n].name);
- strcat(name, "_");
+ strlcat(name, proto[n].name, sizeof(name));
+ strlcat(name, "_", sizeof(name));
break;
}
}
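Review bot: Both `strlcat` calls discard the return value, so a `proto[n].name` that does not fit is silently cut and the trailing `_` can be dropped without any signal. If `name` is compared against known protocol names later in the function (that part is outside the hunk), a truncated name could fail to match; checking `if (strlcat(name, proto[n].name, sizeof(name)) >= sizeof(name))` and logging or bailing out makes the truncation visible. The same unchecked truncation applies to the `strlcat` calls added in testsuite_setup and get_bnx2x_flags. `name` is declared outside the hunk, so `sizeof(name)` assumes it is an array.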
@@ -73,6 +73,8 @@
#define NFP_PCIE_CPP_BAR_PCIETOCPPEXPBAR(bar, slot) \
(((bar) * 8 + (slot)) * 4)
+#define LOCKFILE_HOME_PATH 256
+
/*
* Define to enable a bit more verbose debug output.
* Set to 1 to enable a bit more verbose debug output.
@@ -685,11 +687,11 @@ nfp_acquire_secondary_process_lock(struct nfp_pcie_user *desc)
* driver is used because that implies root user.
*/
home_path = getenv("HOME");
- lockfile = calloc(strlen(home_path) + strlen(lockname) + 1,
- sizeof(char));
+ lockfile = calloc(LOCKFILE_HOME_PATH + strlen(lockname) + 1,
+ sizeof(char));
- strcat(lockfile, home_path);
- strcat(lockfile, "/.lock_nfp_secondary");
+ snprintf(lockfile, LOCKFILE_HOME_PATH + strlen(lockname),
+ "%s%s", home_path, lockname);
desc->secondary_lock = open(lockfile, O_RDWR | O_CREAT | O_NONBLOCK,
0666);
if (desc->secondary_lock < 0) {
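Review bot: `getenv("HOME")` can return NULL and `calloc` can fail, and neither result is checked before `snprintf` writes through `lockfile` and formats `home_path` with `%s`. The fixed `LOCKFILE_HOME_PATH` cap also means a `HOME` longer than `LOCKFILE_HOME_PATH` bytes is silently truncated, so `open(..., O_CREAT, 0666)` would create the lock file at a different path than intended; the removed code sized the buffer from `strlen(home_path)` and did not have that problem. Sizing the allocation from the actual lengths and passing the same length to `snprintf` keeps the bound exact and makes the new macro unnecessary. The error returns in the sketch below are placeholders, since the function's failure convention and the later release of `lockfile` are outside the hunk.

```c
home_path = getenv("HOME");
if (home_path == NULL)
	return -1; /* placeholder: use this function's error convention */
size_t len = strlen(home_path) + strlen(lockname) + 1;
lockfile = calloc(len, sizeof(char));
if (lockfile == NULL)
	return -1; /* placeholder: use this function's error convention */
snprintf(lockfile, len, "%s%s", home_path, lockname);
/* … unchanged: open() of the lock file and its error check … */
```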