From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 86B6343005; Tue, 8 Aug 2023 04:24:47 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1630C43247; Tue, 8 Aug 2023 04:24:47 +0200 (CEST) Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by mails.dpdk.org (Postfix) with ESMTP id D0D6940A87 for ; Tue, 8 Aug 2023 04:24:45 +0200 (CEST) Received: from kwepemm600004.china.huawei.com (unknown [172.30.72.57]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4RKcPQ0XDfzNmry; Tue, 8 Aug 2023 10:21:14 +0800 (CST) Received: from [10.67.103.231] (10.67.103.231) by kwepemm600004.china.huawei.com (7.193.23.242) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Tue, 8 Aug 2023 10:24:41 +0800 Message-ID: <35199239-fac5-f7f2-6f80-5070b016d7d6@huawei.com> Date: Tue, 8 Aug 2023 10:24:41 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 Subject: Re: [PATCH] telemetry: avoid truncation of strlcpy return before check To: Tyler Retzlaff , CC: Ciara Power , , References: <1691011261-5666-1-git-send-email-roretzla@linux.microsoft.com> From: "lihuisong (C)" In-Reply-To: <1691011261-5666-1-git-send-email-roretzla@linux.microsoft.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.67.103.231] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To kwepemm600004.china.huawei.com (7.193.23.242) X-CFilter-Loop: Reflected X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org 在 2023/8/3 5:21, Tyler Retzlaff 写道: > strlcpy returns type size_t when directly assigning to > struct rte_tel_data data_len field it may be truncated leading to > compromised length check that follows > > Since the limit in the check is < UINT_MAX the value returned is > safe to be cast to unsigned int (which may be narrower than size_t) > but only after being checked against RTE_TEL_MAX_SINGLE_STRING_LEN > > Signed-off-by: Tyler Retzlaff > --- > lib/telemetry/telemetry_data.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/telemetry/telemetry_data.c b/lib/telemetry/telemetry_data.c > index 3b1a240..52307cb 100644 > --- a/lib/telemetry/telemetry_data.c > +++ b/lib/telemetry/telemetry_data.c > @@ -41,12 +41,13 @@ > int > rte_tel_data_string(struct rte_tel_data *d, const char *str) > { > + const size_t len = strlcpy(d->data.str, str, sizeof(d->data.str)); sizeof(d->data.str) is equal to RTE_TEL_MAX_SINGLE_STRING_LEN(8192). So It seems that this truncation probably will not happen. > d->type = TEL_STRING; > - d->data_len = strlcpy(d->data.str, str, sizeof(d->data.str)); > - if (d->data_len >= RTE_TEL_MAX_SINGLE_STRING_LEN) { > + if (len >= RTE_TEL_MAX_SINGLE_STRING_LEN) { > d->data_len = RTE_TEL_MAX_SINGLE_STRING_LEN - 1; > return E2BIG; /* not necessarily and error, just truncation */ > } > + d->data_len = (unsigned int)len; > return 0; > } >