From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id A49588E5B for ; Fri, 18 May 2018 01:22:58 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 May 2018 16:22:58 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,412,1520924400"; d="scan'208";a="40250397" Received: from fedora.sh.intel.com ([10.67.114.176]) by fmsmga007.fm.intel.com with ESMTP; 17 May 2018 16:22:57 -0700 From: Changpeng Liu To: changpeng.liu@intel.com, dev@dpdk.org Date: Fri, 18 May 2018 07:32:12 +0800 Message-Id: <1526599932-13083-2-git-send-email-changpeng.liu@intel.com> X-Mailer: git-send-email 1.9.3 In-Reply-To: <1526599932-13083-1-git-send-email-changpeng.liu@intel.com> References: <1526599932-13083-1-git-send-email-changpeng.liu@intel.com> Subject: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 May 2018 23:23:00 -0000 Signed-off-by: Changpeng Liu --- examples/vhost_scsi/scsi.c | 23 ++++++++++++----------- examples/vhost_scsi/vhost_scsi.c | 5 +++-- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c index 0c2fa3e..1572098 100644 --- a/examples/vhost_scsi/scsi.c +++ b/examples/vhost_scsi/scsi.c @@ -182,8 +182,8 @@ break; case SPC_VPD_UNIT_SERIAL_NUMBER: hlen = 4; - strlcpy((char *)vpage->params, bdev->name, - sizeof(vpage->params)); + vhost_strcpy_pad((char *)vpage->params, bdev->name, + sizeof(vpage->params), ' '); vpage->alloc_len = rte_cpu_to_be_16(32); break; case SPC_VPD_DEVICE_IDENTIFICATION: @@ -217,10 +217,11 @@ desig->piv = 1; desig->reserved1 = 0; desig->len = 8 + 16 + 32; - strlcpy((char *)desig->desig, "INTEL", 8); + vhost_strcpy_pad((char *)desig->desig, "INTEL", 8, ' '); vhost_strcpy_pad((char *)&desig->desig[8], bdev->product_name, 16, ' '); - strlcpy((char *)&desig->desig[24], bdev->name, 32); + vhost_strcpy_pad((char *)&desig->desig[24], bdev->name, + 32, ' '); len += sizeof(struct scsi_desig_desc) + 8 + 16 + 32; buf += sizeof(struct scsi_desig_desc) + desig->len; @@ -277,17 +278,17 @@ inqdata->flags3 = 0x2; /* T10 VENDOR IDENTIFICATION */ - strlcpy((char *)inqdata->t10_vendor_id, "INTEL", - sizeof(inqdata->t10_vendor_id)); + vhost_strcpy_pad((char *)inqdata->t10_vendor_id, "INTEL", + sizeof(inqdata->t10_vendor_id), ' '); /* PRODUCT IDENTIFICATION */ - snprintf((char *)inqdata->product_id, - RTE_DIM(inqdata->product_id), "%s", - bdev->product_name); + vhost_strcpy_pad((char *)inqdata->product_id, + bdev->product_name, + sizeof(inqdata->product_id), ' '); /* PRODUCT REVISION LEVEL */ - strlcpy((char *)inqdata->product_rev, "0001", - sizeof(inqdata->product_rev)); + vhost_strcpy_pad((char *)inqdata->product_rev, "0001", + sizeof(inqdata->product_rev), ' '); /* Standard inquiry data ends here. Only populate * remaining fields if alloc_len indicates enough diff --git a/examples/vhost_scsi/vhost_scsi.c b/examples/vhost_scsi/vhost_scsi.c index a1d542b..4e57462 100644 --- a/examples/vhost_scsi/vhost_scsi.c +++ b/examples/vhost_scsi/vhost_scsi.c @@ -183,8 +183,9 @@ static uint64_t gpa_to_vva(int vid, uint64_t gpa, uint64_t *len) if (!bdev) return NULL; - strncpy(bdev->name, bdev_name, sizeof(bdev->name)); - strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name)); + snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name); + snprintf(bdev->product_name, sizeof(bdev->product_name), + "%s", bdev_serial); bdev->blocklen = blk_size; bdev->blockcnt = blk_cnt; bdev->write_cache = wce_enable; -- 1.9.3