Thread (41 messages) 41 messages, 6 authors, 2016-06-27
STALE3658d
Revisions (2)
  1. v4 current
  2. v5 [diff vs current]

[PATCH v4 3/5] pdump: fix string overflow

From: Reshma Pattan <hidden>
Date: 2016-06-24 13:54:58
Subsystem: library code, the rest · Maintainers: Andrew Morton, Linus Torvalds

replaced strncpy with snprintf for safely
copying the strings.

Cverity issue 127350: string overflow

Fixes: 278f945402c5 ("pdump: add new library for packet capture")

Signed-off-by: Reshma Pattan <redacted>
---
 lib/librte_pdump/rte_pdump.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/librte_pdump/rte_pdump.c b/lib/librte_pdump/rte_pdump.c
index 8240387..53a5bf2 100644
--- a/lib/librte_pdump/rte_pdump.c
+++ b/lib/librte_pdump/rte_pdump.c
@@ -804,13 +804,15 @@ pdump_prepare_client_request(char *device, uint16_t queue,
 	req.flags = flags;
 	req.op =  operation;
 	if ((operation & ENABLE) != 0) {
-		strncpy(req.data.en_v1.device, device, strlen(device));
+		snprintf(req.data.en_v1.device, sizeof(req.data.en_v1.device),
+				"%s", device);
 		req.data.en_v1.queue = queue;
 		req.data.en_v1.ring = ring;
 		req.data.en_v1.mp = mp;
 		req.data.en_v1.filter = filter;
 	} else {
-		strncpy(req.data.dis_v1.device, device, strlen(device));
+		snprintf(req.data.dis_v1.device, sizeof(req.data.dis_v1.device),
+				"%s", device);
 		req.data.dis_v1.queue = queue;
 		req.data.dis_v1.ring = NULL;
 		req.data.dis_v1.mp = NULL;
-- 
2.5.0
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help