From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 542961B022 for ; Tue, 20 Feb 2018 17:06:02 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Feb 2018 08:06:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,540,1511856000"; d="scan'208";a="18970706" Received: from rhorton-mobl1.ger.corp.intel.com (HELO FC23.ir.intel.com) ([163.33.231.16]) by fmsmga007.fm.intel.com with ESMTP; 20 Feb 2018 08:06:00 -0800 From: Remy Horton To: dev@dpdk.org Date: Tue, 20 Feb 2018 16:05:59 +0000 Message-Id: <20180220160559.1143-1-remy.horton@intel.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20180220145001.18442-1-remy.horton@intel.com> Subject: [dpdk-dev] [PATCH v2] metrics: fix potential missing NULL termination X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Feb 2018 16:06:02 -0000 Fixes a potential memory overrun detected by Coverity. This overrun cannot currently happen in practice because rte_metrics_reg_names() explicitly forces the last name character to be a NULL terminator. This patch adds the same enforcement to rte_metrics_get_names() in order to correct the warning, as well as using snprintf instead of strncpy to copy name strings. Coverity issue: 143434 Fixes: 349950ddb9c5 ("metrics: add information metrics library") Fixes: 710cab6f675a ("metrics: fix out of bound access") Signed-off-by: Remy Horton -- Changes in v2 * Replace strncpy with snprintf --- lib/librte_metrics/rte_metrics.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/lib/librte_metrics/rte_metrics.c b/lib/librte_metrics/rte_metrics.c index 556ae1b..b0f5450 100644 --- a/lib/librte_metrics/rte_metrics.c +++ b/lib/librte_metrics/rte_metrics.c @@ -113,10 +113,8 @@ rte_metrics_reg_names(const char * const *names, uint16_t cnt_names) for (idx_name = 0; idx_name < cnt_names; idx_name++) { entry = &stats->metadata[idx_name + stats->cnt_stats]; - strncpy(entry->name, names[idx_name], - RTE_METRICS_MAX_NAME_LEN); - /* Enforce NULL-termination */ - entry->name[RTE_METRICS_MAX_NAME_LEN - 1] = '\0'; + snprintf(entry->name, RTE_METRICS_MAX_NAME_LEN, + "%s", names[idx_name]); memset(entry->value, 0, sizeof(entry->value)); entry->idx_next_stat = idx_name + stats->cnt_stats + 1; } @@ -215,9 +213,9 @@ rte_metrics_get_names(struct rte_metric_name *names, return return_value; } for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++) - strncpy(names[idx_name].name, - stats->metadata[idx_name].name, - RTE_METRICS_MAX_NAME_LEN); + snprintf(names[idx_name].name, + RTE_METRICS_MAX_NAME_LEN, + "%s", stats->metadata[idx_name].name); } return_value = stats->cnt_stats; rte_spinlock_unlock(&stats->lock); -- 2.9.5