From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 8D6721B1F2; Thu, 14 Feb 2019 15:00:26 +0100 (CET) X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Feb 2019 06:00:25 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,369,1544515200"; d="scan'208";a="144249735" Received: from bricha3-mobl.ger.corp.intel.com ([10.237.221.36]) by fmsmga004.fm.intel.com with SMTP; 14 Feb 2019 06:00:21 -0800 Received: by (sSMTP sendmail emulation); Thu, 14 Feb 2019 14:00:19 +0000 Date: Thu, 14 Feb 2019 14:00:19 +0000 From: Bruce Richardson To: Chaitanya Babu Talluri Cc: dev@dpdk.org, reshma.pattan@intel.com , cristian.dumitrescu@intel.com, jananeex.m.parthasarathy@intel.com, stable@dpdk.org Message-ID: <20190214140019.GA734836@bricha3-MOBL.ger.corp.intel.com> References: <1550136631-32415-1-git-send-email-tallurix.chaitanya.babu@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1550136631-32415-1-git-send-email-tallurix.chaitanya.babu@intel.com> User-Agent: Mutt/1.11.2 (2019-01-07) Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH] lib: fix strcat with equivalent logic X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Feb 2019 14:00:27 -0000 On Thu, Feb 14, 2019 at 09:30:31AM +0000, Chaitanya Babu Talluri wrote: > Replace strcat with concatenation logic to avoid buffer overflow. > > Fixes: a6a47ac9c2 ("cfgfile: rework load function") > Cc: stable@dpdk.org > > Signed-off-by: Chaitanya Babu Talluri > --- > lib/librte_cfgfile/rte_cfgfile.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c > index 7d8c941ea..7616742f7 100644 > --- a/lib/librte_cfgfile/rte_cfgfile.c > +++ b/lib/librte_cfgfile/rte_cfgfile.c > @@ -227,7 +227,15 @@ rte_cfgfile_load_with_params(const char *filename, int flags, > while (end != NULL) { > if (*(end+1) == params->comment_character) { > *end = '\0'; > - strcat(split[1], end+1); > + int index = strlen(split[1]); > + char *temp = end+1; > + while (*temp != '\0') { > + split[1][index] = *temp; > + index++; > + temp++; > + } > + split[1][index] = '\0'; > + I don't see how this change fixes the problem. From what I see, you have just inlined the strcat function into the code above, without changing any of the logic. To prevent buffer overflows using strcat, you need to identify the total buffer length and use that when copying. I suggest reworking this code to use strlcat. /Bruce