From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id 7ECEAC33A for ; Tue, 21 Jun 2016 17:18:21 +0200 (CEST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP; 21 Jun 2016 08:18:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,504,1459839600"; d="scan'208";a="1006738172" Received: from irvmail001.ir.intel.com ([163.33.26.43]) by fmsmga002.fm.intel.com with ESMTP; 21 Jun 2016 08:18:08 -0700 Received: from sivswdev02.ir.intel.com (sivswdev02.ir.intel.com [10.237.217.46]) by irvmail001.ir.intel.com (8.14.3/8.13.6/MailSET/Hub) with ESMTP id u5LFI7bc024664; Tue, 21 Jun 2016 16:18:07 +0100 Received: from sivswdev02.ir.intel.com (localhost [127.0.0.1]) by sivswdev02.ir.intel.com with ESMTP id u5LFI7Se015077; Tue, 21 Jun 2016 16:18:07 +0100 Received: (from reshmapa@localhost) by sivswdev02.ir.intel.com with id u5LFI7cT015073; Tue, 21 Jun 2016 16:18:07 +0100 From: Reshma Pattan To: dev@dpdk.org Cc: Reshma Pattan Date: Tue, 21 Jun 2016 16:18:04 +0100 Message-Id: <1466522285-15023-3-git-send-email-reshma.pattan@intel.com> X-Mailer: git-send-email 1.7.4.1 In-Reply-To: <1466522285-15023-1-git-send-email-reshma.pattan@intel.com> References: <1466522285-15023-1-git-send-email-reshma.pattan@intel.com> Subject: [dpdk-dev] [PATCH 2/3] pdump: fix string overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jun 2016 15:18:21 -0000 using source length in strncpy can cause destination overflow if destination length is not big enough to handle the source string. Changes are made to use destination size instead of source length in strncpy. Cverity issue 127350: string overflow Fixes: 278f945402c5 ("pdump: add new library for packet capture") Signed-off-by: Reshma Pattan --- lib/librte_pdump/rte_pdump.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/librte_pdump/rte_pdump.c b/lib/librte_pdump/rte_pdump.c index dbc6816..05513d6 100644 --- a/lib/librte_pdump/rte_pdump.c +++ b/lib/librte_pdump/rte_pdump.c @@ -460,8 +460,7 @@ pdump_get_socket_path(char *buffer, int bufsz, enum rte_pdump_socktype type) SOCKET_PATH_HOME, __func__, __LINE__); return -1; } - } - else + } else dir = SOCKET_PATH_VAR_RUN; } @@ -800,13 +799,15 @@ pdump_prepare_client_request(char *device, uint16_t queue, req.flags = flags; req.op = operation; if ((operation & ENABLE) != 0) { - strncpy(req.data.en_v1.device, device, strlen(device)); + strncpy(req.data.en_v1.device, device, + sizeof(req.data.en_v1.device)-1); req.data.en_v1.queue = queue; req.data.en_v1.ring = ring; req.data.en_v1.mp = mp; req.data.en_v1.filter = filter; } else { - strncpy(req.data.dis_v1.device, device, strlen(device)); + strncpy(req.data.dis_v1.device, device, + sizeof(req.data.dis_v1.device)-1); req.data.dis_v1.queue = queue; req.data.dis_v1.ring = NULL; req.data.dis_v1.mp = NULL; -- 2.5.0