From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <test-report-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0D10A4705A
	for <public@inbox.dpdk.org>; Tue, 16 Dec 2025 17:12:20 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 021014026D;
	Tue, 16 Dec 2025 17:12:20 +0100 (CET)
Received: from mail-qt1-f175.google.com (mail-qt1-f175.google.com
 [209.85.160.175])
 by mails.dpdk.org (Postfix) with ESMTP id 209AA4026D
 for <test-report@dpdk.org>; Tue, 16 Dec 2025 17:12:13 +0100 (CET)
Received: by mail-qt1-f175.google.com with SMTP id
 d75a77b69052e-4ee257e56aaso43669051cf.0
 for <test-report@dpdk.org>; Tue, 16 Dec 2025 08:12:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=bytheb-org.20230601.gappssmtp.com; s=20230601; t=1765901532; x=1766506332;
 darn=dpdk.org; 
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=cRFAgNZEJeaK/mZpIeiIlald7LFOfz2famQhImLJbLw=;
 b=XLYB0+oGus/OrMNS3hI34w9SsvD8hQWIKFEcZYsMiqn2nK74JiT4vJsBczHCW9hwHC
 wRDLbeK4i3KIbGVSCFQp7E9fnMG4YiYSSJwtUX9STRu9JcOTU6l9gaguW5gptgwvO3S1
 8WCZ9gPW+qGx1mshn8rVV3QC5Tt0GwaOEniCJSWFcUP4QBckgMHCoIDKHDhQ2Da+F6RM
 Y99Gozt8m5pGBzBxqKQOtghTjhTpA6hvOZBJwioIEsVGjbECWP47Jkc35FXl9Eke/eH3
 g67YoPy6hiRDmy/UEe2jRHPbMDOoPnP6e+kVWUxiF+5q9oz94bEz32rzLSSB4mXNA/BT
 EJUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1765901532; x=1766506332;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
 :cc:subject:date:message-id:reply-to;
 bh=cRFAgNZEJeaK/mZpIeiIlald7LFOfz2famQhImLJbLw=;
 b=cIAC5511/zbdhFzxlgZe87NGAo1fKY/dmdhTCaqreeYr9KLDbN5KFgGroEFZljBfFu
 mtMF1SnSbU0XWEFnemZevEeAZggJGAoqRx/6dQfoVa3p7zfIaFU0wNMl9qZSSdbSDVfA
 L/+UZtCyf7tAQlLfO+PIKmgJQuDZ15uR4HoPbB11854wpW+oCRLefwOUPjrYmVM6ETfy
 1YuGdh98VDFhX2Sb5VBNCAVjQRJ1ekNIrJ0yrId/NCR2ANqXUHnGcERWMjbh9teJCRBi
 lGejFQ5C63aDuNDvfdtkJfO0Ke9T/nlur29K3HiZvmgqWT4i/46TfpVrgO//sKrKfupO
 nt/w==
X-Gm-Message-State: AOJu0YyEWPW0Ng0iRncf9bkeXdtM6lK1pMPGAcmd+ObsSV2Uu+aT5Lqn
 ZkEs7n+WzvuYe+ineIO0JJw/rKRQJpLaQsSxaxpFfcftZK2zB9BfUaVVko6FFSbXHISnyWOYzp6
 59zS9
X-Gm-Gg: AY/fxX5L2Swx3L3qlNfCNH+vZ/ulvtv16Xx0fovPkqLpmUd+u/oJGJ8xR08q87xqJaU
 GZ9g7kV9OzotrPB2u1kyXsY8rcrn/SQxNCKgr7EnM5z315AuYdno+KwvcDkYlbb6zhjb3TIYb54
 XRjv60negAzftMSwy5VgjFkNnLg2v/UXELKHUL6GHsfca41bE+Cz5uKYrkg+0XI3kTE0jlcVDFw
 2iKWByzAEMAjdPAB83WYaYd43S/6+qDapVgaZI1ZytfIiT+8XPb0bJ45cJ4QUKIrQjPZ1Ag4ZbY
 ST25Y6Pt/Kw/RorMVCiPs2HZhHiGTX+xt4EJSTpUqFGuUwXVqp7Mk6vvi6ElbaRxRI0gPkJzqoc
 MMFDsAQinOh+4m7C4Ftd0G4qam0kOSG95HHyGE5SL/FGvnYGXFaOTwxAPmuGz3t5EuwsKUMfF+8
 s7GyaqF5Q9tleV9jiIBw==
X-Google-Smtp-Source: AGHT+IEEaphcEY9myNn0kwQHZg0BlirukSPwGpqYXfvRkO0r52PO+/Tj0Q5oUfJ6HE4MsqUd+vqNdA==
X-Received: by 2002:a05:622a:1307:b0:4eb:a2ec:6e3e with SMTP id
 d75a77b69052e-4f1bfc5022dmr230221551cf.28.1765901532138; 
 Tue, 16 Dec 2025 08:12:12 -0800 (PST)
Received: from RHTRH0061144.redhat.com ([47.14.5.10])
 by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-8899ea3621bsm76408746d6.36.2025.12.16.08.12.11
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 16 Dec 2025 08:12:11 -0800 (PST)
From: 0-day Robot <robot@bytheb.org>
To: test-report@dpdk.org,
	Stephen Hemminger <stephen@networkplumber.org>
Subject: |SUCCESS| pw159217 [PATCH v5 06/17] telemetry: avoid possible string
 overflow
Date: Tue, 16 Dec 2025 11:12:10 -0500
Message-ID: <20251216161210.762509-1-robot@bytheb.org>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251207191242.165619-7-stephen@networkplumber.org>
References: <20251205022948.327743-1-stephen@networkplumber.org>
 <20251207191242.165619-1-stephen@networkplumber.org>
 <20251207191242.165619-7-stephen@networkplumber.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: test-report@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: automatic DPDK test reports <test-report.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/test-report>,
 <mailto:test-report-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/test-report/>
List-Post: <mailto:test-report@dpdk.org>
List-Help: <mailto:test-report-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/test-report>,
 <mailto:test-report-request@dpdk.org?subject=subscribe>
Errors-To: test-report-bounces@dpdk.org

Test-Label: 0day Robot - Claude SONNET
Test-Status: SUCCESS
http://dpdk.org/patch/159217

_AI Review Comments Available_

Git SHA: efb48c9ed5
Author: Stephen Hemminger <stephen@networkplumber.org>
Subject: telemetry: avoid possible string overflow

This commit improves string handling in the legacy telemetry client
registration by avoiding temporary buffers and adding length checks for
unix domain socket paths.

> diff --git a/lib/telemetry/telemetry_legacy.c b/lib/telemetry/telemetry_legacy.c
> index 89ec750c09..24f663eee7 100644
> --- a/lib/telemetry/telemetry_legacy.c
> +++ b/lib/telemetry/telemetry_legacy.c
> @@ -82,34 +82,41 @@ static int
>  register_client(const char *cmd __rte_unused, const char *params,
>  		char *buffer __rte_unused, int buf_len __rte_unused)
>  {
> +	const char *colon = strchr(params, ':');
> +
> +	if (colon == NULL) {
> +		fprintf(stderr, "Invalid client data: missing colon\n");
> +		return -1;
> +	}
> +
>  #ifndef RTE_EXEC_ENV_WINDOWS
>  	pthread_t th;
> -	char data[BUF_SIZE];
> -	int fd;
> -	int rc;
> -	struct sockaddr_un addrs;
> -#endif /* !RTE_EXEC_ENV_WINDOWS */
> +	int fd, rc;
> +	struct sockaddr_un addrs = { .sun_family = AF_UNIX };
>  
> -	if (!strchr(params, ':')) {
> -		fprintf(stderr, "Invalid data\n");
> +	if (colon[1] != '"') {
> +		fprintf(stderr, "Invalid client data: missing quote\n");
>  		return -1;
>  	}
> -#ifndef RTE_EXEC_ENV_WINDOWS
> -	strlcpy(data, strchr(params, ':'), sizeof(data));
> -	memmove(data, &data[strlen(":\"")], strlen(data));
> -	if (!strchr(data, '\"')) {
> -		fprintf(stderr, "Invalid client data\n");
> +
> +	const char *endquote = strchr(colon + 1, '"');
> +	if (endquote == NULL) {
> +		fprintf(stderr, "Invalid client data: missing end quote\n");
> +		return -1;
> +	}
> +
> +	size_t len = endquote - colon + 1;
> +	if (len == 0 || len >= sizeof(addrs.sun_path)) {
> +		fprintf(stderr, "Invalid client data: path length\n");
>  		return -1;
>  	}
> -	*strchr(data, '\"') = 0;
> +	strncpy(addrs.sun_path, colon + 1, len);

Does this calculation for len include the opening quote in the path? The
calculation appears to be endquote - colon + 1, which would include the
quote character in the length, and then strncpy copies starting from
colon + 1 which still includes the quote character.

Would the string copy operation include the quote character in the socket
path string when it should be stripped out?

> +#endif /* !RTE_EXEC_ENV_WINDOWS */
>  
>  	fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
>  	if (fd < 0) {
>  		perror("Failed to open socket");
>  		return -1;
>  	}
> -	addrs.sun_family = AF_UNIX;
> -	strlcpy(addrs.sun_path, data, sizeof(addrs.sun_path));
>  
>  	if (connect(fd, (struct sockaddr *)&addrs, sizeof(addrs)) == -1) {
>  		perror("\nClient connection error\n");