From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 52A21A034F; Tue, 12 May 2020 17:31:49 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id DECAE1C138; Tue, 12 May 2020 17:31:09 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 3FC971BFEF for ; Tue, 12 May 2020 17:31:06 +0200 (CEST) IronPort-SDR: i1/xsOcYbsiC6Has9yjA40jitsreLGRIan/uEuMUqJ5TVjIKr43XjfDxdpEvqmemoO9+1c63rn zYe0Qza2x+tw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2020 08:31:05 -0700 IronPort-SDR: gQ2UK8r382eCGIlWMBHLIRzMWMqPpvzjJfy++JwWmc/LdRp07nxKVFyOd4r1qpVv2c/ZjkYWhR kNMlVcTipoAw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,384,1583222400"; d="scan'208";a="409336961" Received: from silpixa00399953.ir.intel.com (HELO silpixa00399953.ger.corp.intel.com) ([10.237.222.53]) by orsmga004.jf.intel.com with ESMTP; 12 May 2020 08:31:04 -0700 From: Ciara Power To: bruce.richardson@intel.com Cc: dev@dpdk.org, Ciara Power Date: Tue, 12 May 2020 16:29:02 +0100 Message-Id: <20200512152902.70211-6-ciara.power@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200512152902.70211-1-ciara.power@intel.com> References: <20200512152902.70211-1-ciara.power@intel.com> Subject: [dpdk-dev] [PATCH 5/5] telemetry: fix buffer overrun if max bytes read X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" If 1024 bytes were received over the socket, this caused buffer_recvf[bytes] to overrun the array. The size of the buffer - 1 is now passed to the read function. Coverity issue: 358442 Fixes: b80fe1805eee ("telemetry: introduce backward compatibility") Cc: ciara.power@intel.com Signed-off-by: Ciara Power --- lib/librte_telemetry/telemetry_legacy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/librte_telemetry/telemetry_legacy.c b/lib/librte_telemetry/telemetry_legacy.c index 2de9021349..a341fe4ebd 100644 --- a/lib/librte_telemetry/telemetry_legacy.c +++ b/lib/librte_telemetry/telemetry_legacy.c @@ -217,7 +217,7 @@ legacy_client_handler(void *sock_id) int ret; char buffer_recv[BUF_SIZE]; /* receive data is not null terminated */ - int bytes = read(s, buffer_recv, sizeof(buffer_recv)); + int bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1); while (bytes > 0) { buffer_recv[bytes] = 0; @@ -234,7 +234,7 @@ legacy_client_handler(void *sock_id) if (ret < 0) printf("\nCould not send error response\n"); } - bytes = read(s, buffer_recv, sizeof(buffer_recv)); + bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1); } close(s); return NULL; -- 2.17.1