From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id A75B5A046B
	for <public@inbox.dpdk.org>; Tue, 23 Jul 2019 03:03:10 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 955961BF99;
	Tue, 23 Jul 2019 03:03:10 +0200 (CEST)
Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129])
 by dpdk.org (Postfix) with ESMTP id 710C81BF94
 for <stable@dpdk.org>; Tue, 23 Jul 2019 03:03:09 +0200 (CEST)
Received: from Internal Mail-Server by MTLPINE2 (envelope-from
 yskoh@mellanox.com)
 with ESMTPS (AES256-SHA encrypted); 23 Jul 2019 04:03:08 +0300
Received: from scfae-sc-2.mti.labs.mlnx (scfae-sc-2.mti.labs.mlnx
 [10.101.0.96])
 by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id x6N11Hfl026580;
 Tue, 23 Jul 2019 04:03:07 +0300
From: Yongseok Koh <yskoh@mellanox.com>
To: Pallantla Poornima <pallantlax.poornima@intel.com>
Cc: Aaron Conole <aconole@redhat.com>, dpdk stable <stable@dpdk.org>
Date: Mon, 22 Jul 2019 18:00:28 -0700
Message-Id: <20190723010115.6446-61-yskoh@mellanox.com>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190723010115.6446-1-yskoh@mellanox.com>
References: <20190723010115.6446-1-yskoh@mellanox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-stable] patch 'app/test: fix sprintf with strlcat' has been
	queued to LTS release 17.11.7
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

Hi,

FYI, your patch has been queued to LTS release 17.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objection by 07/27/19. So please
shout if anyone has objection.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Yongseok

---
>From 97017119f78b24ddbedaebdd3aa7ed05e4e92ab3 Mon Sep 17 00:00:00 2001
From: Pallantla Poornima <pallantlax.poornima@intel.com>
Date: Wed, 13 Mar 2019 11:07:23 +0000
Subject: [PATCH] app/test: fix sprintf with strlcat

[ upstream commit 323643727f4c5653d9a1ddc552d95bae2b2c2e5c ]

sprintf function is not secure as it doesn't check the length of string.
More secure function strlcat is used.

Fixes: 727909c592 ("app/test: introduce dynamic commands list")

Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Reviewed-by: Aaron Conole <aconole@redhat.com>
---
 test/test/commands.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/test/test/commands.c b/test/test/commands.c
index 4097a3310a..0396f40007 100644
--- a/test/test/commands.c
+++ b/test/test/commands.c
@@ -72,6 +72,7 @@
 #include <cmdline_parse_num.h>
 #include <cmdline_parse_string.h>
 #include <cmdline.h>
+#include <rte_string_fns.h>
 
 #include "test.h"
 
@@ -380,23 +381,22 @@ cmdline_parse_ctx_t main_ctx[] = {
 int commands_init(void)
 {
 	struct test_command *t;
-	char *commands, *ptr;
+	char *commands;
 	int commands_len = 0;
 
 	TAILQ_FOREACH(t, &commands_list, next) {
 		commands_len += strlen(t->command) + 1;
 	}
 
-	commands = malloc(commands_len + 1);
+	commands = (char *)calloc(commands_len, sizeof(char));
 	if (!commands)
 		return -1;
 
-	ptr = commands;
 	TAILQ_FOREACH(t, &commands_list, next) {
-		ptr += sprintf(ptr, "%s#", t->command);
+		strlcat(commands, t->command, commands_len);
+		if (TAILQ_NEXT(t, next) != NULL)
+			strlcat(commands, "#", commands_len);
 	}
-	ptr--;
-	ptr[0] = '\0';
 
 	cmd_autotest_autotest.string_data.str = commands;
 	return 0;
-- 
2.21.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-07-22 17:55:09.771181352 -0700
+++ 0061-app-test-fix-sprintf-with-strlcat.patch	2019-07-22 17:55:06.184476000 -0700
@@ -1,25 +1,26 @@
-From 323643727f4c5653d9a1ddc552d95bae2b2c2e5c Mon Sep 17 00:00:00 2001
+From 97017119f78b24ddbedaebdd3aa7ed05e4e92ab3 Mon Sep 17 00:00:00 2001
 From: Pallantla Poornima <pallantlax.poornima@intel.com>
 Date: Wed, 13 Mar 2019 11:07:23 +0000
 Subject: [PATCH] app/test: fix sprintf with strlcat
 
+[ upstream commit 323643727f4c5653d9a1ddc552d95bae2b2c2e5c ]
+
 sprintf function is not secure as it doesn't check the length of string.
 More secure function strlcat is used.
 
 Fixes: 727909c592 ("app/test: introduce dynamic commands list")
-Cc: stable@dpdk.org
 
 Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
 Reviewed-by: Aaron Conole <aconole@redhat.com>
 ---
- app/test/commands.c | 12 ++++++------
+ test/test/commands.c | 12 ++++++------
  1 file changed, 6 insertions(+), 6 deletions(-)
 
-diff --git a/app/test/commands.c b/app/test/commands.c
-index 94fbc310ed..8d5a03a954 100644
---- a/app/test/commands.c
-+++ b/app/test/commands.c
-@@ -44,6 +44,7 @@
+diff --git a/test/test/commands.c b/test/test/commands.c
+index 4097a3310a..0396f40007 100644
+--- a/test/test/commands.c
++++ b/test/test/commands.c
+@@ -72,6 +72,7 @@
  #include <cmdline_parse_num.h>
  #include <cmdline_parse_string.h>
  #include <cmdline.h>
@@ -27,7 +28,7 @@
  
  #include "test.h"
  
-@@ -365,23 +366,22 @@ cmdline_parse_ctx_t main_ctx[] = {
+@@ -380,23 +381,22 @@ cmdline_parse_ctx_t main_ctx[] = {
  int commands_init(void)
  {
  	struct test_command *t;