[PATCH v5 06/17] telemetry: avoid possible string overflow

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
	Bruce Richardson <bruce.richardson@intel.com>
Subject: [PATCH v5 06/17] telemetry: avoid possible string overflow
Date: Sun,  7 Dec 2025 11:11:57 -0800	[thread overview]
Message-ID: <20251207191242.165619-7-stephen@networkplumber.org> (raw)
In-Reply-To: <20251207191242.165619-1-stephen@networkplumber.org>

When registering client the input parameter could have a too
large unix domain path. Improve the string handling by avoiding
temporary buffer, and check the length.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 lib/telemetry/telemetry_legacy.c | 37 +++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/lib/telemetry/telemetry_legacy.c b/lib/telemetry/telemetry_legacy.c
index 89ec750c09..24f663eee7 100644
--- a/lib/telemetry/telemetry_legacy.c
+++ b/lib/telemetry/telemetry_legacy.c
@@ -82,34 +82,41 @@ static int
 register_client(const char *cmd __rte_unused, const char *params,
 		char *buffer __rte_unused, int buf_len __rte_unused)
 {
+	const char *colon = strchr(params, ':');
+
+	if (colon == NULL) {
+		fprintf(stderr, "Invalid client data: missing colon\n");
+		return -1;
+	}
+
 #ifndef RTE_EXEC_ENV_WINDOWS
 	pthread_t th;
-	char data[BUF_SIZE];
-	int fd;
-	int rc;
-	struct sockaddr_un addrs;
-#endif /* !RTE_EXEC_ENV_WINDOWS */
+	int fd, rc;
+	struct sockaddr_un addrs = { .sun_family = AF_UNIX };
 
-	if (!strchr(params, ':')) {
-		fprintf(stderr, "Invalid data\n");
+	if (colon[1] != '"') {
+		fprintf(stderr, "Invalid client data: missing quote\n");
 		return -1;
 	}
-#ifndef RTE_EXEC_ENV_WINDOWS
-	strlcpy(data, strchr(params, ':'), sizeof(data));
-	memmove(data, &data[strlen(":\"")], strlen(data));
-	if (!strchr(data, '\"')) {
-		fprintf(stderr, "Invalid client data\n");
+
+	const char *endquote = strchr(colon + 1, '"');
+	if (endquote == NULL) {
+		fprintf(stderr, "Invalid client data: missing end quote\n");
+		return -1;
+	}
+
+	size_t len = endquote - colon + 1;
+	if (len == 0 || len >= sizeof(addrs.sun_path)) {
+		fprintf(stderr, "Invalid client data: path length\n");
 		return -1;
 	}
-	*strchr(data, '\"') = 0;
+	strncpy(addrs.sun_path, colon + 1, len);
 
 	fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
 	if (fd < 0) {
 		perror("Failed to open socket");
 		return -1;
 	}
-	addrs.sun_family = AF_UNIX;
-	strlcpy(addrs.sun_path, data, sizeof(addrs.sun_path));
 
 	if (connect(fd, (struct sockaddr *)&addrs, sizeof(addrs)) == -1) {
 		perror("\nClient connection error\n");
-- 
2.51.0

next prev parent reply	other threads:[~2025-12-07 19:13 UTC|newest]

Thread overview: 86+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-02 17:24 [RFC 0/8] first steps in fixing buffer overflow Stephen Hemminger
2025-12-02 17:24 ` [RFC 1/8] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-02 17:24 ` [RFC 2/8] hash: fix possible ring name overflow Stephen Hemminger
2025-12-02 17:24 ` [RFC 3/8] eal: warn if thread name is truncated Stephen Hemminger
2025-12-02 17:24 ` [RFC 4/8] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-02 17:24 ` [RFC 5/8] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-02 17:24 ` [RFC 6/8] efd: avoid overflowing ring name Stephen Hemminger
2025-12-02 17:24 ` [RFC 7/8] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-02 17:24 ` [RFC 8/8] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-05  2:28 ` [RFC v2 00/14] lib: check for string overflow Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 01/14] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 02/14] test: avoid long hash names Stephen Hemminger
2025-12-05  8:29     ` Bruce Richardson
2025-12-05 17:00       ` Stephen Hemminger
2025-12-05 18:19         ` Bruce Richardson
2025-12-05  2:28   ` [RFC v2 03/14] lpm: restrict name size Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 04/14] hash: avoid possible ring name overflow Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 05/14] graph: avoid overflowing comment buffer Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 06/14] eal: warn if thread name is truncated Stephen Hemminger
2025-12-05  8:32     ` Bruce Richardson
2025-12-05  2:28   ` [RFC v2 07/14] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 08/14] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-05  8:34     ` Bruce Richardson
2025-12-05  2:28   ` [RFC v2 09/14] vhost: check for overflow in xstat name Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 10/14] efd: avoid overflowing ring name Stephen Hemminger
2025-12-05  8:37     ` Bruce Richardson
2025-12-05  2:28   ` [RFC v2 11/14] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 12/14] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-05  8:46     ` Bruce Richardson
2025-12-05  2:28   ` [RFC v2 13/14] eal: check for hugefile path overflow Stephen Hemminger
2025-12-05  2:28   ` [RFC v2 14/14] lib: enable format overflow warnings Stephen Hemminger
2025-12-05 20:11   ` [PATCH v3 00/16] lib: find and fix possible string overflows Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 01/16] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 02/16] lpm: restrict name size Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 03/16] hash: add checks for hash name length Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 04/16] graph: avoid overflowing comment buffer Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 05/16] latencystats: add check for string overflow Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 06/16] efd: handle possible name truncation Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 07/16] eal: warn if thread name is truncated Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 08/16] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 09/16] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 10/16] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-08  8:58       ` Bruce Richardson
2025-12-08 19:14         ` Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 11/16] eal: check for hugefile path overflow Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 12/16] eal: check tailq length Stephen Hemminger
2025-12-08  8:58       ` Bruce Richardson
2025-12-05 20:11     ` [PATCH v3 13/16] eal: handle long shared library path Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 14/16] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 15/16] vhost: check for overflow in xstat name Stephen Hemminger
2025-12-05 20:11     ` [PATCH v3 16/16] lib: enable format overflow warnings Stephen Hemminger
2025-12-06 18:43   ` [PATCH v4 00/16] lib: find and fix possible string overflows Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 01/16] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 02/16] lpm: restrict name size Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 03/16] hash: add checks for hash name length Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 04/16] graph: avoid overflowing comment buffer Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 05/16] latencystats: add check for string overflow Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 06/16] efd: handle possible name truncation Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 07/16] eal: warn if thread name is truncated Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 08/16] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 09/16] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 10/16] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 11/16] eal: check for hugefile path overflow Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 12/16] eal: check tailq length Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 13/16] eal: handle long shared library path Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 14/16] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 15/16] vhost: check for overflow in xstat name Stephen Hemminger
2025-12-06 18:43     ` [PATCH v4 16/16] lib: enable format overflow warnings Stephen Hemminger
2025-12-07 19:11   ` [PATCH v5 00/17] lib: fix format overflows Stephen Hemminger
2025-12-07 19:11     ` [PATCH v5 01/17] eal: use C library to parse filesystem table Stephen Hemminger
2025-12-07 19:11     ` [PATCH v5 02/17] lpm: restrict name size Stephen Hemminger
2025-12-07 19:11     ` [PATCH v5 03/17] hash: add checks for hash name length Stephen Hemminger
2025-12-07 19:11     ` [PATCH v5 04/17] graph: avoid overflowing comment buffer Stephen Hemminger
2025-12-07 19:11     ` [PATCH v5 05/17] latencystats: add check for string overflow Stephen Hemminger
2025-12-07 19:11     ` Stephen Hemminger [this message]
2025-12-07 19:11     ` [PATCH v5 07/17] efd: handle possible name truncation Stephen Hemminger
2025-12-07 19:11     ` [PATCH v5 08/17] eal: warn if thread name is truncated Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 09/17] eal: avoid format overflow when handling addresses Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 10/17] eal: add check for sysfs path overflow Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 11/17] eal: limit maximum runtime directory and socket paths Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 12/17] eal: check for hugefile path overflow Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 13/17] eal: check tailq length Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 14/17] eal: handle long shared library path Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 15/17] ethdev: avoid possible overflow in xstat names Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 16/17] vhost: check for overflow in xstat name Stephen Hemminger
2025-12-07 19:12     ` [PATCH v5 17/17] lib: enable format overflow warnings Stephen Hemminger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251207191242.165619-7-stephen@networkplumber.org \
    --to=stephen@networkplumber.org \
    --cc=bruce.richardson@intel.com \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).