RE: [PATCH] crypto/openssl: fix warning on copy length

patches for DPDK stable branches
 help / color / mirror / Atom feed

From: Ruifeng Wang <Ruifeng.Wang@arm.com>
To: David Marchand <david.marchand@redhat.com>, Kai Ji <kai.ji@intel.com>
Cc: Fan Zhang <fanzhang.oss@gmail.com>,
	Akhil Goyal <gakhil@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>,
	nd <nd@arm.com>, "stable@dpdk.org" <stable@dpdk.org>,
	Feifei Wang <Feifei.Wang2@arm.com>, nd <nd@arm.com>
Subject: RE: [PATCH] crypto/openssl: fix warning on copy length
Date: Mon, 9 Jan 2023 03:31:47 +0000	[thread overview]
Message-ID: <AS8PR08MB7080BA75CA32305FF2EDEEEE9EFE9@AS8PR08MB7080.eurprd08.prod.outlook.com> (raw)
In-Reply-To: <CAJFAV8yQ7kBknz3oLt5SGOJjh5AC=cdeE7BPBbAWbxH2r-syJQ@mail.gmail.com>

> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Friday, January 6, 2023 6:27 PM
> To: Kai Ji <kai.ji@intel.com>; Ruifeng Wang <Ruifeng.Wang@arm.com>
> Cc: Fan Zhang <fanzhang.oss@gmail.com>; Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; nd
> <nd@arm.com>; stable@dpdk.org; Feifei Wang <Feifei.Wang2@arm.com>
> Subject: Re: [PATCH] crypto/openssl: fix warning on copy length
> 
> On Fri, Jan 6, 2023 at 11:16 AM Ruifeng Wang <ruifeng.wang@arm.com> wrote:
> >
> > When building with gcc 11.2.0, the compiler warns as follows:
> > In function 'memcpy',
> >     inlined from 'openssl_set_session_auth_parameters'
> at ../drivers/crypto/openssl/rte_openssl_pmd.c:699:3,
> >     inlined from 'openssl_set_session_parameters'
> at ../drivers/crypto/openssl/rte_openssl_pmd.c:826:9:
> > /usr/include/aarch64-linux-gnu/bits/string_fortified.h:29:10: warning:
> '__builtin_memcpy' forming offset [4, 8] is out of the bounds [0, 4] [-Warray-bounds]
> >
> > Fixed the warning by copying up to string size.
> >
> > Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
> > Cc: stable@dpdk.org
> > Cc: kai.ji@intel.com
> >
> > Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
> > Reviewed-by: Feifei Wang <feifei.wang2@arm.com>
> > ---
> >  drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> > index 05449b6e98..8458ad487a 100644
> > --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> > @@ -696,7 +696,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
> >                 algo = digest_name_get(xform->auth.algo);
> >                 if (!algo)
> >                         return -EINVAL;
> > -               rte_memcpy(algo_name, algo, (sizeof(algo)+1));
> > +               rte_memcpy(algo_name, algo, strlen(algo) + 1);
> 
> Why is there a need for copying such a string to a local storage?

From OpenSSL document, I can see OSSL_PARAM_construct_utf8_string() takes a buffer
as input. But I'm not sure if a const is acceptable. 
I would keep the fix simple for backport. Removing copy is an improvement that
can be done by someone who has more knowledge of OpenSSL library.
> 
> If it is really needed, we are dealing with strings, so I suggest:
> strlcpy(algo_name, algo, sizeof(algo_name));

Thanks for the suggestion. Will update in v2.

Regards,
Ruifeng
> 
> 
> --
> David Marchand

next prev parent reply	other threads:[~2023-01-09  3:32 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-06 10:15 Ruifeng Wang
2023-01-06 10:26 ` David Marchand
2023-01-09  3:31   ` Ruifeng Wang [this message]
2023-01-09  3:40 ` [PATCH v2] " Ruifeng Wang
2023-01-31  8:09   ` [EXT] " Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=AS8PR08MB7080BA75CA32305FF2EDEEEE9EFE9@AS8PR08MB7080.eurprd08.prod.outlook.com \
    --to=ruifeng.wang@arm.com \
    --cc=Feifei.Wang2@arm.com \
    --cc=david.marchand@redhat.com \
    --cc=dev@dpdk.org \
    --cc=fanzhang.oss@gmail.com \
    --cc=gakhil@marvell.com \
    --cc=kai.ji@intel.com \
    --cc=nd@arm.com \
    --cc=stable@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).