From: Bruce Richardson <bruce.richardson@intel.com>
To: dev@dpdk.org
Cc: ciara.power@intel.com, roretzla@linux.microsoft.com,
 Bruce Richardson <bruce.richardson@intel.com>
Subject: [PATCH v3 5/5] telemetry: remove VLA in json string format function
Date: Wed,  5 Apr 2023 17:03:26 +0100
Message-Id: <20230405160326.186921-6-bruce.richardson@intel.com>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20230405160326.186921-1-bruce.richardson@intel.com>
References: <20230310181836.162336-1-bruce.richardson@intel.com>
 <20230405160326.186921-1-bruce.richardson@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Since variable length arrays (VLAs) are potentially insecure and
unsupported by some compilers, rework the code to remove their use. As
with previous changes to remove VLAs in the telemetry code, this
function uses two methods to avoid modifying the buffer when adding to
it fails:
* if there are only a few characters in the buffer, save them off to
  restore on failure, then use the buffer as-is,
* otherwise use malloc rather than a VLA to allocate a temporary buffer
  and copy from that on success only.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
---
 app/test/test_telemetry_json.c |  2 +-
 lib/telemetry/telemetry_json.h | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/app/test/test_telemetry_json.c b/app/test/test_telemetry_json.c
index e81e3a8a98..5617eac540 100644
--- a/app/test/test_telemetry_json.c
+++ b/app/test/test_telemetry_json.c
@@ -129,7 +129,7 @@ test_string_char_escaping(void)
 {
 	static const char str[] = "A string across\ntwo lines and \"with quotes\"!";
 	const char *expected = "\"A string across\\ntwo lines and \\\"with quotes\\\"!\"";
-	char buf[sizeof(str) + 10];
+	char buf[sizeof(str) + 10] = "";
 	int used = 0;
 
 	used = rte_tel_json_str(buf, sizeof(buf), used, str);
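Review bot: the new `= ""` initialiser on `buf` points at an undocumented precondition rather than a test-only detail. With this series `__json_format_str` calls `strnlen(buf, sizeof(saved))` on the caller's buffer before writing anything, so any caller that passes an uninitialised buffer now reads indeterminate bytes, and which of the two code paths it takes depends on stack garbage. Please state in the comment above the function in telemetry_json.h that `buf` must hold a NUL-terminated string on entry, and check the other users of the JSON string helpers for stack buffers that are passed in uninitialised the way this test did.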
diff --git a/lib/telemetry/telemetry_json.h b/lib/telemetry/telemetry_json.h
index c087b833eb..7999535848 100644
--- a/lib/telemetry/telemetry_json.h
+++ b/lib/telemetry/telemetry_json.h
@@ -134,13 +134,28 @@ __json_format_str_to_buf(char *buf, const int len,
 static inline int
 __json_format_str(char *buf, const int len, const char *prefix, const char *str, const char *suffix)
 {
-	char tmp[len];
 	int ret;
+	char saved[4] = "";
+	char *tmp;
+
+	if (strnlen(buf, sizeof(saved)) < sizeof(saved)) {
+		/* we have only a few bytes in buffer, so save them off to restore on error*/
+		strcpy(saved, buf);
+		ret = __json_format_str_to_buf(buf, len, prefix, str, suffix);
+		if (ret == 0)
+			strcpy(buf, saved); /* restore */
+		return ret;
+	}
+
+	tmp = malloc(len);
+	if (tmp == NULL)
+		return 0;
 
 	ret = __json_format_str_to_buf(tmp, len, prefix, str, suffix);
 	if (ret > 0)
-		strcpy(buf, tmp);
+		strcpy(buf, saved);
 
+	free(tmp);
 	return ret;
 }
 
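Review bot: in the malloc path the success branch now does `strcpy(buf, saved);`, but `saved` is only filled in the early-return branch above, so here it is still the empty string from `char saved[4] = "";`. The formatted output in `tmp` is never copied out: the caller gets a positive `ret` while `buf` has been truncated to "", and `tmp` is freed unused. The replacement for the removed line should stay `strcpy(buf, tmp);`, with the `free(tmp)` after it. The existing test does not catch this because its buffer starts empty and takes the short-buffer path, so a test case that starts with four or more characters already in `buf` would be worth adding. Minor: the hunk introduces `malloc`, `free` and `strnlen` in a header, so confirm `<stdlib.h>` and `<string.h>` are included there, and add the missing space before `*/` in the new comment.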
-- 
2.37.2