diff mbox series

[v4] drivers: fix possible overflow with strcat

Message ID 1551791666-26746-1-git-send-email-tallurix.chaitanya.babu@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Ferruh Yigit
Headers
Series [v4] drivers: fix possible overflow with strcat |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/intel-Performance-Testing success Performance Testing PASS
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/Intel-compilation success Compilation OK

Commit Message

Chaitanya Babu, TalluriX March 5, 2019, 1:14 p.m. UTC 
  strcat does not check the destination length and there might be
chances of string overflow so instead of strcat, strlcat is used.

Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
Fixes: 540a211084 ("bnx2x: driver core")
Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
Fixes: ef28aa96e5 ("net/nfp: support multiprocess")
Cc: stable@dpdk.org

Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
---
v4: Corrected usage of strlcat.
v3: Instead of strncat, used strlcat.
v2: Instead of strncat, used snprintf.
---
 app/test/test_cryptodev.c                  |  3 ++-
 drivers/net/bnx2x/bnx2x.c                  |  4 +++-
 drivers/net/i40e/i40e_ethdev.c             |  4 ++--
 drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c | 10 ++++++----
 4 files changed, 13 insertions(+), 8 deletions(-)

Comments

Ferruh Yigit March 6, 2019, 6:14 p.m. UTC | #1 
<...>

> @@ -11734,13 +11735,14 @@ static const char *get_bnx2x_flags(uint32_t flags)
>  
>  	for (i = 0; i < 5; i++)
>  		if (flags & (1 << i)) {
> -			strcat(flag_str, flag[i]);
> +			strlcat(flag_str, flag[i], sizeof(flag_str));
>  			flags ^= (1 << i);
>  		}
>  	if (flags) {
>  		static char unknown[BNX2X_INFO_STR_MAX];
>  		snprintf(unknown, 32, "Unknown flag mask %x", flags);
>  		strcat(flag_str, unknown);
> +		strlcat(flag_str, unknown, sizeof(flag_str));

Intention is to replace the 'strcat' right, seems missed to remove old code.
diff mbox series

Patch

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 32f1893bc..2ff204137 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -15,6 +15,7 @@ 
 #include <rte_crypto.h>
 #include <rte_cryptodev.h>
 #include <rte_cryptodev_pmd.h>
+#include <rte_string_fns.h>
 
 #ifdef RTE_LIBRTE_PMD_CRYPTO_SCHEDULER
 #include <rte_cryptodev_scheduler.h>
@@ -375,7 +376,7 @@  testsuite_setup(void)
 			snprintf(vdev_args, sizeof(vdev_args),
 					"%s%d", temp_str, i);
 			strcpy(temp_str, vdev_args);
-			strcat(temp_str, ";");
+			strlcat(temp_str, ";", sizeof(temp_str));
 			slave_core_count++;
 			socket_id = lcore_config[i].socket_id;
 		}
diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
index 4c775c163..73987518d 100644
--- a/drivers/net/bnx2x/bnx2x.c
+++ b/drivers/net/bnx2x/bnx2x.c
@@ -25,6 +25,7 @@ 
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <zlib.h>
+#include <rte_string_fns.h>
 
 #define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
 #define BNX2X_PMD_VERSION_MAJOR 1
@@ -11734,13 +11735,14 @@  static const char *get_bnx2x_flags(uint32_t flags)
 
 	for (i = 0; i < 5; i++)
 		if (flags & (1 << i)) {
-			strcat(flag_str, flag[i]);
+			strlcat(flag_str, flag[i], sizeof(flag_str));
 			flags ^= (1 << i);
 		}
 	if (flags) {
 		static char unknown[BNX2X_INFO_STR_MAX];
 		snprintf(unknown, 32, "Unknown flag mask %x", flags);
 		strcat(flag_str, unknown);
+		strlcat(flag_str, unknown, sizeof(flag_str));
 	}
 	return flag_str;
 }
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index dca61f03a..9bc9a4390 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -12201,8 +12201,8 @@  i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
 			for (n = 0; n < proto_num; n++) {
 				if (proto[n].proto_id != proto_id)
 					continue;
-				strcat(name, proto[n].name);
-				strcat(name, "_");
+				strlcat(name, proto[n].name, sizeof(name));
+				strlcat(name, "_", sizeof(name));
 				break;
 			}
 		}
diff --git a/drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c b/drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c
index 39bd48a83..1c54cc600 100644
--- a/drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c
+++ b/drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c
@@ -73,6 +73,8 @@ 
 #define NFP_PCIE_CPP_BAR_PCIETOCPPEXPBAR(bar, slot) \
 	(((bar) * 8 + (slot)) * 4)
 
+#define LOCKFILE_HOME_PATH 256
+
 /*
  * Define to enable a bit more verbose debug output.
  * Set to 1 to enable a bit more verbose debug output.
@@ -685,11 +687,11 @@  nfp_acquire_secondary_process_lock(struct nfp_pcie_user *desc)
 	 * driver is used because that implies root user.
 	 */
 	home_path = getenv("HOME");
-	lockfile = calloc(strlen(home_path) + strlen(lockname) + 1,
-			  sizeof(char));
+	lockfile = calloc(LOCKFILE_HOME_PATH + strlen(lockname) + 1,
+			sizeof(char));
 
-	strcat(lockfile, home_path);
-	strcat(lockfile, "/.lock_nfp_secondary");
+	snprintf(lockfile, LOCKFILE_HOME_PATH + strlen(lockname),
+			"%s%s", home_path, lockname);
 	desc->secondary_lock = open(lockfile, O_RDWR | O_CREAT | O_NONBLOCK,
 				    0666);
 	if (desc->secondary_lock < 0) {