[5/5] telemetry: fix buffer overrun if max bytes read
Checks
Commit Message
If 1024 bytes were received over the socket, this caused
buffer_recvf[bytes] to overrun the array. The size of the buffer - 1 is
now passed to the read function.
Coverity issue: 358442
Fixes: b80fe1805eee ("telemetry: introduce backward compatibility")
Cc: ciara.power@intel.com
Signed-off-by: Ciara Power <ciara.power@intel.com>
---
lib/librte_telemetry/telemetry_legacy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On 12/05/2020 16:29, Ciara Power wrote:
> If 1024 bytes were received over the socket, this caused
> buffer_recvf[bytes] to overrun the array. The size of the buffer - 1 is
> now passed to the read function.
>
> Coverity issue: 358442
> Fixes: b80fe1805eee ("telemetry: introduce backward compatibility")
> Cc: ciara.power@intel.com
>
> Signed-off-by: Ciara Power <ciara.power@intel.com>
> ---
> lib/librte_telemetry/telemetry_legacy.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
Acked-by: Kevin Laatz <kevin.laatz@intel.com>
@@ -217,7 +217,7 @@ legacy_client_handler(void *sock_id)
int ret;
char buffer_recv[BUF_SIZE];
/* receive data is not null terminated */
- int bytes = read(s, buffer_recv, sizeof(buffer_recv));
+ int bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
while (bytes > 0) {
buffer_recv[bytes] = 0;
@@ -234,7 +234,7 @@ legacy_client_handler(void *sock_id)
if (ret < 0)
printf("\nCould not send error response\n");
}
- bytes = read(s, buffer_recv, sizeof(buffer_recv));
+ bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
}
close(s);
return NULL;