* [dpdk-dev] [PATCH v2] app/testbbdev: fix sprintf with snprintf or strlcpy
@ 2019-02-18 10:50 Pallantla Poornima
2019-04-09 13:05 ` [dpdk-dev] [PATCH v3] " Pallantla Poornima
0 siblings, 1 reply; 5+ messages in thread
From: Pallantla Poornima @ 2019-02-18 10:50 UTC (permalink / raw)
To: dev; +Cc: reshma.pattan, amr.mokhtar, ferruh.yigit, Pallantla Poornima, stable
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf and strlcpy is used.
Fixes: f714a18885 ("app/testbbdev: add test application for bbdev")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
---
v2: Used strlcpy instead of snprintf as suggested.
---
app/test-bbdev/test_bbdev.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/test-bbdev/test_bbdev.c b/app/test-bbdev/test_bbdev.c
index a914817bc..137c74cde 100644
--- a/app/test-bbdev/test_bbdev.c
+++ b/app/test-bbdev/test_bbdev.c
@@ -14,6 +14,8 @@
#include <rte_bbdev.h>
#include <rte_bbdev_op.h>
#include <rte_bbdev_pmd.h>
+#include<string.h>
+#include <rte_string_fns.h>
#include "main.h"
@@ -788,14 +790,14 @@ test_bbdev_driver_init(void)
/* Initialize the maximum amount of devices */
do {
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_allocate(name_tmp);
TEST_ASSERT(dev2 != NULL,
"Failed to initialize bbdev driver");
++num_devs;
} while (num_devs < (RTE_BBDEV_MAX_DEVS - 1));
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_allocate(name_tmp);
TEST_ASSERT(dev2 == NULL, "Failed to initialize bbdev driver number %d "
"more drivers than RTE_BBDEV_MAX_DEVS: %d ", num_devs,
@@ -804,7 +806,7 @@ test_bbdev_driver_init(void)
num_devs--;
while (num_devs >= num_devs_tmp) {
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_get_named_dev(name_tmp);
TEST_ASSERT_SUCCESS(rte_bbdev_release(dev2),
"Failed to uninitialize bbdev driver %s ",
@@ -825,7 +827,7 @@ test_bbdev_driver_init(void)
TEST_ASSERT_FAIL(rte_bbdev_release(NULL),
"Failed to uninitialize bbdev driver with NULL bbdev");
- sprintf(name_tmp, "%s", "invalid_name");
+ strlcpy(name_tmp, "invalid_name", sizeof(name_tmp));
dev2 = rte_bbdev_get_named_dev(name_tmp);
TEST_ASSERT_FAIL(rte_bbdev_release(dev2),
"Failed to uninitialize bbdev driver with invalid name");
--
2.17.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* [dpdk-dev] [PATCH v3] app/testbbdev: fix sprintf with snprintf or strlcpy
2019-02-18 10:50 [dpdk-dev] [PATCH v2] app/testbbdev: fix sprintf with snprintf or strlcpy Pallantla Poornima
@ 2019-04-09 13:05 ` Pallantla Poornima
2019-04-09 13:05 ` Pallantla Poornima
2019-04-22 19:21 ` Thomas Monjalon
0 siblings, 2 replies; 5+ messages in thread
From: Pallantla Poornima @ 2019-04-09 13:05 UTC (permalink / raw)
To: dev; +Cc: reshma.pattan, amr.mokhtar, Pallantla Poornima, stable
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf and strlcpy is used.
Fixes: f714a18885 ("app/testbbdev: add test application for bbdev")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
---
v3: Added Ack.
v2: Used strlcpy instead of snprintf as suggested.
---
app/test-bbdev/test_bbdev.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/test-bbdev/test_bbdev.c b/app/test-bbdev/test_bbdev.c
index a914817bc..137c74cde 100644
--- a/app/test-bbdev/test_bbdev.c
+++ b/app/test-bbdev/test_bbdev.c
@@ -14,6 +14,8 @@
#include <rte_bbdev.h>
#include <rte_bbdev_op.h>
#include <rte_bbdev_pmd.h>
+#include<string.h>
+#include <rte_string_fns.h>
#include "main.h"
@@ -788,14 +790,14 @@ test_bbdev_driver_init(void)
/* Initialize the maximum amount of devices */
do {
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_allocate(name_tmp);
TEST_ASSERT(dev2 != NULL,
"Failed to initialize bbdev driver");
++num_devs;
} while (num_devs < (RTE_BBDEV_MAX_DEVS - 1));
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_allocate(name_tmp);
TEST_ASSERT(dev2 == NULL, "Failed to initialize bbdev driver number %d "
"more drivers than RTE_BBDEV_MAX_DEVS: %d ", num_devs,
@@ -804,7 +806,7 @@ test_bbdev_driver_init(void)
num_devs--;
while (num_devs >= num_devs_tmp) {
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_get_named_dev(name_tmp);
TEST_ASSERT_SUCCESS(rte_bbdev_release(dev2),
"Failed to uninitialize bbdev driver %s ",
@@ -825,7 +827,7 @@ test_bbdev_driver_init(void)
TEST_ASSERT_FAIL(rte_bbdev_release(NULL),
"Failed to uninitialize bbdev driver with NULL bbdev");
- sprintf(name_tmp, "%s", "invalid_name");
+ strlcpy(name_tmp, "invalid_name", sizeof(name_tmp));
dev2 = rte_bbdev_get_named_dev(name_tmp);
TEST_ASSERT_FAIL(rte_bbdev_release(dev2),
"Failed to uninitialize bbdev driver with invalid name");
--
2.17.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* [dpdk-dev] [PATCH v3] app/testbbdev: fix sprintf with snprintf or strlcpy
2019-04-09 13:05 ` [dpdk-dev] [PATCH v3] " Pallantla Poornima
@ 2019-04-09 13:05 ` Pallantla Poornima
2019-04-22 19:21 ` Thomas Monjalon
1 sibling, 0 replies; 5+ messages in thread
From: Pallantla Poornima @ 2019-04-09 13:05 UTC (permalink / raw)
To: dev; +Cc: reshma.pattan, amr.mokhtar, Pallantla Poornima, stable
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf and strlcpy is used.
Fixes: f714a18885 ("app/testbbdev: add test application for bbdev")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
---
v3: Added Ack.
v2: Used strlcpy instead of snprintf as suggested.
---
app/test-bbdev/test_bbdev.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/test-bbdev/test_bbdev.c b/app/test-bbdev/test_bbdev.c
index a914817bc..137c74cde 100644
--- a/app/test-bbdev/test_bbdev.c
+++ b/app/test-bbdev/test_bbdev.c
@@ -14,6 +14,8 @@
#include <rte_bbdev.h>
#include <rte_bbdev_op.h>
#include <rte_bbdev_pmd.h>
+#include<string.h>
+#include <rte_string_fns.h>
#include "main.h"
@@ -788,14 +790,14 @@ test_bbdev_driver_init(void)
/* Initialize the maximum amount of devices */
do {
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_allocate(name_tmp);
TEST_ASSERT(dev2 != NULL,
"Failed to initialize bbdev driver");
++num_devs;
} while (num_devs < (RTE_BBDEV_MAX_DEVS - 1));
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_allocate(name_tmp);
TEST_ASSERT(dev2 == NULL, "Failed to initialize bbdev driver number %d "
"more drivers than RTE_BBDEV_MAX_DEVS: %d ", num_devs,
@@ -804,7 +806,7 @@ test_bbdev_driver_init(void)
num_devs--;
while (num_devs >= num_devs_tmp) {
- sprintf(name_tmp, "%s%i", "name_", num_devs);
+ snprintf(name_tmp, sizeof(name_tmp), "%s%i", "name_", num_devs);
dev2 = rte_bbdev_get_named_dev(name_tmp);
TEST_ASSERT_SUCCESS(rte_bbdev_release(dev2),
"Failed to uninitialize bbdev driver %s ",
@@ -825,7 +827,7 @@ test_bbdev_driver_init(void)
TEST_ASSERT_FAIL(rte_bbdev_release(NULL),
"Failed to uninitialize bbdev driver with NULL bbdev");
- sprintf(name_tmp, "%s", "invalid_name");
+ strlcpy(name_tmp, "invalid_name", sizeof(name_tmp));
dev2 = rte_bbdev_get_named_dev(name_tmp);
TEST_ASSERT_FAIL(rte_bbdev_release(dev2),
"Failed to uninitialize bbdev driver with invalid name");
--
2.17.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dpdk-dev] [PATCH v3] app/testbbdev: fix sprintf with snprintf or strlcpy
2019-04-09 13:05 ` [dpdk-dev] [PATCH v3] " Pallantla Poornima
2019-04-09 13:05 ` Pallantla Poornima
@ 2019-04-22 19:21 ` Thomas Monjalon
2019-04-22 19:21 ` Thomas Monjalon
1 sibling, 1 reply; 5+ messages in thread
From: Thomas Monjalon @ 2019-04-22 19:21 UTC (permalink / raw)
To: Pallantla Poornima; +Cc: dev, reshma.pattan, amr.mokhtar, stable
09/04/2019 15:05, Pallantla Poornima:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf and strlcpy is used.
>
> Fixes: f714a18885 ("app/testbbdev: add test application for bbdev")
> Cc: stable@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
Applied, thanks
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dpdk-dev] [PATCH v3] app/testbbdev: fix sprintf with snprintf or strlcpy
2019-04-22 19:21 ` Thomas Monjalon
@ 2019-04-22 19:21 ` Thomas Monjalon
0 siblings, 0 replies; 5+ messages in thread
From: Thomas Monjalon @ 2019-04-22 19:21 UTC (permalink / raw)
To: Pallantla Poornima; +Cc: dev, reshma.pattan, amr.mokhtar, stable
09/04/2019 15:05, Pallantla Poornima:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf and strlcpy is used.
>
> Fixes: f714a18885 ("app/testbbdev: add test application for bbdev")
> Cc: stable@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> Acked-by: Amr Mokhtar <amr.mokhtar@intel.com>
Applied, thanks
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-04-22 19:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-18 10:50 [dpdk-dev] [PATCH v2] app/testbbdev: fix sprintf with snprintf or strlcpy Pallantla Poornima
2019-04-09 13:05 ` [dpdk-dev] [PATCH v3] " Pallantla Poornima
2019-04-09 13:05 ` Pallantla Poornima
2019-04-22 19:21 ` Thomas Monjalon
2019-04-22 19:21 ` Thomas Monjalon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).