DPDK patches and discussions
 help / color / mirror / Atom feed
From: Gaëtan Rivet <grive@u256.net>
To: Ferruh Yigit <ferruh.yigit@intel.com>
Cc: Bruce Richardson <bruce.richardson@intel.com>,
	Olivier Matz <olivier.matz@6wind.com>,
	Ciara Loftus <ciara.loftus@intel.com>,
	dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH] net/af_xdp: use snprintf instead of strncpy
Date: Fri, 9 Oct 2020 18:37:39 +0200
Message-ID: <20201009163739.7iu3ce2otdyrxe4p@u256.net> (raw)
In-Reply-To: <8f533e07-c6bf-46bd-2b42-dc5d9a9c3b42@intel.com>

On 09/10/20 11:59 +0100, Ferruh Yigit wrote:
> On 10/9/2020 11:36 AM, Gaëtan Rivet wrote:
> > On 07/10/20 12:45 +0100, Ferruh Yigit wrote:
> > > On 10/7/2020 11:28 AM, Bruce Richardson wrote:
> > > > On Wed, Oct 07, 2020 at 11:26:38AM +0100, Bruce Richardson wrote:
> > > > > On Wed, Oct 07, 2020 at 11:51:31AM +0200, Olivier Matz wrote:
> > > > > > On Wed, Oct 07, 2020 at 10:40:32AM +0100, Ferruh Yigit wrote:
> > > > > > > On 10/7/2020 10:01 AM, Ciara Loftus wrote:
> > > > > > > > strncpy may leave the destination buffer not NULL terminated so use
> > > > > > > > snprintf instead.
> > > > > > > 
> > > > > > > What do you think using 'strlcpy'?
> > > > > > 
> > > > > > Or even better, rte_strscpy()
> > > > > > https://git.dpdk.org/dpdk/commit/?id=b0236c7cf761
> > > > > > 
> > > > > I think this is largely a matter of preference, and unless there is a good
> > > > > reason not to, I tend towards strlcpy as the older and more common (till
> > > > > now) interface. The main thing is just to use a function that will
> > > > > guarantee dest is null-terminated here, and both strlcpy and strscpy meet
> > > > > that criteria.
> > > > > 
> > > > I'd also add that strlcpy is more likely to be recognised by tools like
> > > > coverity, compared to rte_strscpy which is DPDK-specific.
> > > > 
> > > 
> > > +1 to 'strlcpy'
> > 
> > Using strlcpy will be more recognized by static analyzer indeed.
> > 
> > But strscpy API is better:
> > 
> > * It helps checking string truncation by making it easier:
> > 
> >    if (strlcpy(dst, src, dstsize) >= dstsize)
> >          /* Dev + reviewer needs to think about using >= and not >, dstsize is
> >           * repeated so either dst is an array or it needs a dedicated variable.
> >           * Deal with truncation.
> >           */
> > 
> >    if (rte_strscpy(dst, src, dstsize) < 0)
> >          /* deal with truncation. */
> > 
> > * It is safer when dealing with unknown data source. strlcpy will always
> >    read all of src, because the API (uselessly) defines the return value
> >    to strlen(src).
> > 
> > Having yet another string copy function is contentious, but we can avoid
> > using worse API to please tools.
> > 
> > And detecting string truncation *is* helpful. String are used as IDs in
> > DPDK for some objects. Using strlcpy / snprintf at least protects from
> > buffer overflow, which is a bare minimum. A good implementation would
> > also warn the user about a config error / memory corruption happening
> > sooner.
> > 
> > In any case, sure to fix a sanity check strlcpy / snprintf will work.
> > 
> 
> I also think 'strscpy' is better API, and we had similar discussion before
> [1] and the decision was to prefer 'strlcpy'.
> 
> [1] http://inbox.dpdk.org/dev/b800d417-c33d-af4e-b506-8f31ae919410@intel.com/#t

Good memory! I hadn't seen this thread, thanks.

-- 
Gaëtan

      reply	other threads:[~2020-10-09 16:37 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-07  9:01 Ciara Loftus
2020-10-07  9:40 ` Ferruh Yigit
2020-10-07  9:51   ` Olivier Matz
2020-10-07 10:26     ` Bruce Richardson
2020-10-07 10:28       ` Bruce Richardson
2020-10-07 11:45         ` Ferruh Yigit
2020-10-09 10:36           ` Gaëtan Rivet
2020-10-09 10:49             ` Bruce Richardson
2020-10-09 10:59             ` Ferruh Yigit
2020-10-09 16:37               ` Gaëtan Rivet [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201009163739.7iu3ce2otdyrxe4p@u256.net \
    --to=grive@u256.net \
    --cc=bruce.richardson@intel.com \
    --cc=ciara.loftus@intel.com \
    --cc=dev@dpdk.org \
    --cc=ferruh.yigit@intel.com \
    --cc=olivier.matz@6wind.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git