[dpdk-dev] [PATCH v1] metrics: fix potential missing NULL termination

[dpdk-dev] [PATCH v1] metrics: fix potential missing NULL termination

[Remy Horton]

Fixes a potential memory overrun detected by Coverity.
This overrun cannot currently happen in practice because
rte_metrics_reg_names() explicitly forces the last name
character to be a NULL terminator. This patch adds the
same enforcement to rte_metrics_get_names() in order to
correct the warning.

Coverity issue: 143434
Fixes: 349950ddb9c5 ("metrics: add information metrics library")

Signed-off-by: Remy Horton <remy.horton@intel.com>
---
 lib/librte_metrics/rte_metrics.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/librte_metrics/rte_metrics.c b/lib/librte_metrics/rte_metrics.c
index 556ae1b..958ef3d 100644
--- a/lib/librte_metrics/rte_metrics.c
+++ b/lib/librte_metrics/rte_metrics.c
@@ -214,10 +214,15 @@ rte_metrics_get_names(struct rte_metric_name *names,
 			rte_spinlock_unlock(&stats->lock);
 			return return_value;
 		}
-		for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++)
+		for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++) {
 			strncpy(names[idx_name].name,
 				stats->metadata[idx_name].name,
 				RTE_METRICS_MAX_NAME_LEN);
+		/* Enforce NULL-termination. The source string should already
+		 * be NULL-terminated, so this is to quieten lint checks..
+		 */
+		names[idx_name].name[RTE_METRICS_MAX_NAME_LEN - 1] = '\0';
+		}
 	}
 	return_value = stats->cnt_stats;
 	rte_spinlock_unlock(&stats->lock);
-- 
2.9.5

Re: [dpdk-dev] [PATCH v1] metrics: fix potential missing NULL termination

[Bruce Richardson]

On Tue, Feb 20, 2018 at 02:50:01PM +0000, Remy Horton wrote:
> Fixes a potential memory overrun detected by Coverity.
> This overrun cannot currently happen in practice because
> rte_metrics_reg_names() explicitly forces the last name
> character to be a NULL terminator. This patch adds the
> same enforcement to rte_metrics_get_names() in order to
> correct the warning.
> 
> Coverity issue: 143434
> Fixes: 349950ddb9c5 ("metrics: add information metrics library")
> 
> Signed-off-by: Remy Horton <remy.horton@intel.com>
> ---
>  lib/librte_metrics/rte_metrics.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_metrics/rte_metrics.c b/lib/librte_metrics/rte_metrics.c
> index 556ae1b..958ef3d 100644
> --- a/lib/librte_metrics/rte_metrics.c
> +++ b/lib/librte_metrics/rte_metrics.c
> @@ -214,10 +214,15 @@ rte_metrics_get_names(struct rte_metric_name *names,
>  			rte_spinlock_unlock(&stats->lock);
>  			return return_value;
>  		}
> -		for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++)
> +		for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++) {
>  			strncpy(names[idx_name].name,
>  				stats->metadata[idx_name].name,
>  				RTE_METRICS_MAX_NAME_LEN);
> +		/* Enforce NULL-termination. The source string should already
> +		 * be NULL-terminated, so this is to quieten lint checks..
> +		 */
> +		names[idx_name].name[RTE_METRICS_MAX_NAME_LEN - 1] = '\0';
> +		}
>  	}

Again, I think the better fix is to replace strncpy with snprintf which
will guarantee the null termination, unlike strncpy which is nasty that
way.

/Bruce

Re: [dpdk-dev] [PATCH v1] metrics: fix potential missing NULL termination

[Remy Horton]

On 20/02/2018 15:11, Bruce Richardson wrote:
[..]
> Again, I think the better fix is to replace strncpy with snprintf which
> will guarantee the null termination, unlike strncpy which is nasty that
> way.

OK, v2 on way..

[dpdk-dev] [PATCH v2] metrics: fix potential missing NULL termination

[Remy Horton]

Fixes a potential memory overrun detected by Coverity.
This overrun cannot currently happen in practice because
rte_metrics_reg_names() explicitly forces the last name
character to be a NULL terminator. This patch adds the
same enforcement to rte_metrics_get_names() in order to
correct the warning, as well as using snprintf instead
of strncpy to copy name strings.

Coverity issue: 143434
Fixes: 349950ddb9c5 ("metrics: add information metrics library")
Fixes: 710cab6f675a ("metrics: fix out of bound access")

Signed-off-by: Remy Horton <remy.horton@intel.com>

--
Changes in v2
* Replace strncpy with snprintf
---
 lib/librte_metrics/rte_metrics.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/lib/librte_metrics/rte_metrics.c b/lib/librte_metrics/rte_metrics.c
index 556ae1b..b0f5450 100644
--- a/lib/librte_metrics/rte_metrics.c
+++ b/lib/librte_metrics/rte_metrics.c
@@ -113,10 +113,8 @@ rte_metrics_reg_names(const char * const *names, uint16_t cnt_names)
 
 	for (idx_name = 0; idx_name < cnt_names; idx_name++) {
 		entry = &stats->metadata[idx_name + stats->cnt_stats];
-		strncpy(entry->name, names[idx_name],
-			RTE_METRICS_MAX_NAME_LEN);
-		/* Enforce NULL-termination */
-		entry->name[RTE_METRICS_MAX_NAME_LEN - 1] = '\0';
+		snprintf(entry->name, RTE_METRICS_MAX_NAME_LEN,
+			"%s", names[idx_name]);
 		memset(entry->value, 0, sizeof(entry->value));
 		entry->idx_next_stat = idx_name + stats->cnt_stats + 1;
 	}
@@ -215,9 +213,9 @@ rte_metrics_get_names(struct rte_metric_name *names,
 			return return_value;
 		}
 		for (idx_name = 0; idx_name < stats->cnt_stats; idx_name++)
-			strncpy(names[idx_name].name,
-				stats->metadata[idx_name].name,
-				RTE_METRICS_MAX_NAME_LEN);
+			snprintf(names[idx_name].name,
+				RTE_METRICS_MAX_NAME_LEN,
+				"%s", stats->metadata[idx_name].name);
 	}
 	return_value = stats->cnt_stats;
 	rte_spinlock_unlock(&stats->lock);
-- 
2.9.5

Re: [dpdk-dev] [PATCH v2] metrics: fix potential missing NULL termination

[Ferruh Yigit]

On 2/20/2018 4:05 PM, Remy Horton wrote:
> Fixes a potential memory overrun detected by Coverity.
> This overrun cannot currently happen in practice because
> rte_metrics_reg_names() explicitly forces the last name
> character to be a NULL terminator. This patch adds the
> same enforcement to rte_metrics_get_names() in order to
> correct the warning, as well as using snprintf instead
> of strncpy to copy name strings.

There is a patch from Bruce to convert snprintf to strlcpy [1], this patch can
be part of that one.

[1]
https://dpdk.org/dev/patchwork/patch/35976/

> 
> Coverity issue: 143434
> Fixes: 349950ddb9c5 ("metrics: add information metrics library")
> Fixes: 710cab6f675a ("metrics: fix out of bound access")
> 
> Signed-off-by: Remy Horton <remy.horton@intel.com>

<...>

Re: [dpdk-dev] [PATCH v2] metrics: fix potential missing NULL termination

[Thomas Monjalon]

22/03/2018 11:33, Ferruh Yigit:
> On 2/20/2018 4:05 PM, Remy Horton wrote:
> > Fixes a potential memory overrun detected by Coverity.
> > This overrun cannot currently happen in practice because
> > rte_metrics_reg_names() explicitly forces the last name
> > character to be a NULL terminator. This patch adds the
> > same enforcement to rte_metrics_get_names() in order to
> > correct the warning, as well as using snprintf instead
> > of strncpy to copy name strings.
> 
> There is a patch from Bruce to convert snprintf to strlcpy [1], this patch can
> be part of that one.
> 
> [1]
> https://dpdk.org/dev/patchwork/patch/35976/
> 
> > 
> > Coverity issue: 143434
> > Fixes: 349950ddb9c5 ("metrics: add information metrics library")
> > Fixes: 710cab6f675a ("metrics: fix out of bound access")
> > 
> > Signed-off-by: Remy Horton <remy.horton@intel.com>

Updated to use strlcpy and applied.