From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <tchaitax@ecsmtp.ir.intel.com>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
by dpdk.org (Postfix) with ESMTP id B4C473572;
Thu, 14 Mar 2019 14:36:22 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
14 Mar 2019 06:36:21 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,478,1544515200"; d="scan'208";a="126931678"
Received: from irvmail001.ir.intel.com ([163.33.26.43])
by orsmga006.jf.intel.com with ESMTP; 14 Mar 2019 06:36:19 -0700
Received: from wgcvswdev001.ir.intel.com (wgcvswdev001.ir.intel.com
[10.102.246.100])
by irvmail001.ir.intel.com (8.14.3/8.13.6/MailSET/Hub) with ESMTP id
x2EDaI2N014224; Thu, 14 Mar 2019 13:36:18 GMT
Received: from wgcvswdev001.ir.intel.com (localhost [127.0.0.1])
by wgcvswdev001.ir.intel.com with ESMTP id x2EDZd3Y000574;
Thu, 14 Mar 2019 13:35:39 GMT
Received: (from tchaitax@localhost)
by wgcvswdev001.ir.intel.com with œ id x2EDZclU000570;
Thu, 14 Mar 2019 13:35:38 GMT
From: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
To: dev@dpdk.org
Cc: reshma.pattan@intel.com, jananeex.m.parthasarathy@intel.com,
rmody@marvell.com, shshaikh@marvell.com, beilei.xing@intel.com,
qi.z.zhang@intel.com,
Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>, stable@dpdk.org
Date: Thu, 14 Mar 2019 13:34:31 +0000
Message-Id: <1552570471-32372-1-git-send-email-tallurix.chaitanya.babu@intel.com>
X-Mailer: git-send-email 1.7.0.7
In-Reply-To: <1551963385-1234-1-git-send-email-tallurix.chaitanya.babu@intel.com>
References: <1551963385-1234-1-git-send-email-tallurix.chaitanya.babu@intel.com>
Subject: [dpdk-dev] [PATCH v6] drivers/net: fix possible overflow with strcat
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 13:36:23 -0000
strcat does not check the destination length and there might be
chances of string overflow so instead of strcat, strlcat is used.
Fixes: 540a211084 ("bnx2x: driver core")
Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
---
v6: Updated title.
v5: Removed strcat.
v4: Corrected usage of strlcat.
v3: Instead of strncat, used strlcat.
v2: Instead of strncat, used snprintf.
---
drivers/net/bnx2x/bnx2x.c | 5 +++--
drivers/net/i40e/i40e_ethdev.c | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
index 26b3828e8..ab092e23f 100644
--- a/drivers/net/bnx2x/bnx2x.c
+++ b/drivers/net/bnx2x/bnx2x.c
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <zlib.h>
+#include <rte_string_fns.h>
#define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
#define BNX2X_PMD_VERSION_MAJOR 1
@@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t flags)
for (i = 0; i < 5; i++)
if (flags & (1 << i)) {
- strcat(flag_str, flag[i]);
+ strlcat(flag_str, flag[i], sizeof(flag_str));
flags ^= (1 << i);
}
if (flags) {
static char unknown[BNX2X_INFO_STR_MAX];
snprintf(unknown, 32, "Unknown flag mask %x", flags);
- strcat(flag_str, unknown);
+ strlcat(flag_str, unknown, sizeof(flag_str));
}
return flag_str;
}
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index dca61f03a..9bc9a4390 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
for (n = 0; n < proto_num; n++) {
if (proto[n].proto_id != proto_id)
continue;
- strcat(name, proto[n].name);
- strcat(name, "_");
+ strlcat(name, proto[n].name, sizeof(name));
+ strlcat(name, "_", sizeof(name));
break;
}
}
--
2.17.2
From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
by dpdk.space (Postfix) with ESMTP id C071CA0096
for <public@inbox.dpdk.org>; Thu, 14 Mar 2019 14:36:25 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
by dpdk.org (Postfix) with ESMTP id B71F2374E;
Thu, 14 Mar 2019 14:36:24 +0100 (CET)
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
by dpdk.org (Postfix) with ESMTP id B4C473572;
Thu, 14 Mar 2019 14:36:22 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
14 Mar 2019 06:36:21 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,478,1544515200"; d="scan'208";a="126931678"
Received: from irvmail001.ir.intel.com ([163.33.26.43])
by orsmga006.jf.intel.com with ESMTP; 14 Mar 2019 06:36:19 -0700
Received: from wgcvswdev001.ir.intel.com (wgcvswdev001.ir.intel.com
[10.102.246.100])
by irvmail001.ir.intel.com (8.14.3/8.13.6/MailSET/Hub) with ESMTP id
x2EDaI2N014224; Thu, 14 Mar 2019 13:36:18 GMT
Received: from wgcvswdev001.ir.intel.com (localhost [127.0.0.1])
by wgcvswdev001.ir.intel.com with ESMTP id x2EDZd3Y000574;
Thu, 14 Mar 2019 13:35:39 GMT
Received: (from tchaitax@localhost)
by wgcvswdev001.ir.intel.com with œ id x2EDZclU000570;
Thu, 14 Mar 2019 13:35:38 GMT
From: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
To: dev@dpdk.org
Cc: reshma.pattan@intel.com, jananeex.m.parthasarathy@intel.com,
rmody@marvell.com, shshaikh@marvell.com, beilei.xing@intel.com,
qi.z.zhang@intel.com,
Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>, stable@dpdk.org
Date: Thu, 14 Mar 2019 13:34:31 +0000
Message-Id:
<1552570471-32372-1-git-send-email-tallurix.chaitanya.babu@intel.com>
X-Mailer: git-send-email 1.7.0.7
In-Reply-To: <1551963385-1234-1-git-send-email-tallurix.chaitanya.babu@intel.com>
References: <1551963385-1234-1-git-send-email-tallurix.chaitanya.babu@intel.com>
Subject: [dpdk-dev] [PATCH v6] drivers/net: fix possible overflow with strcat
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID: <20190314133431.vdRPevH5c5a_wedyzaxNoie1m4xTLZTVGqHPAsMgEL0@z>
strcat does not check the destination length and there might be
chances of string overflow so instead of strcat, strlcat is used.
Fixes: 540a211084 ("bnx2x: driver core")
Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
---
v6: Updated title.
v5: Removed strcat.
v4: Corrected usage of strlcat.
v3: Instead of strncat, used strlcat.
v2: Instead of strncat, used snprintf.
---
drivers/net/bnx2x/bnx2x.c | 5 +++--
drivers/net/i40e/i40e_ethdev.c | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
index 26b3828e8..ab092e23f 100644
--- a/drivers/net/bnx2x/bnx2x.c
+++ b/drivers/net/bnx2x/bnx2x.c
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <zlib.h>
+#include <rte_string_fns.h>
#define BNX2X_PMD_VER_PREFIX "BNX2X PMD"
#define BNX2X_PMD_VERSION_MAJOR 1
@@ -11741,13 +11742,13 @@ static const char *get_bnx2x_flags(uint32_t flags)
for (i = 0; i < 5; i++)
if (flags & (1 << i)) {
- strcat(flag_str, flag[i]);
+ strlcat(flag_str, flag[i], sizeof(flag_str));
flags ^= (1 << i);
}
if (flags) {
static char unknown[BNX2X_INFO_STR_MAX];
snprintf(unknown, 32, "Unknown flag mask %x", flags);
- strcat(flag_str, unknown);
+ strlcat(flag_str, unknown, sizeof(flag_str));
}
return flag_str;
}
diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index dca61f03a..9bc9a4390 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -12201,8 +12201,8 @@ i40e_update_customized_pctype(struct rte_eth_dev *dev, uint8_t *pkg,
for (n = 0; n < proto_num; n++) {
if (proto[n].proto_id != proto_id)
continue;
- strcat(name, proto[n].name);
- strcat(name, "_");
+ strlcat(name, proto[n].name, sizeof(name));
+ strlcat(name, "_", sizeof(name));
break;
}
}
--
2.17.2