* [dpdk-dev] [PATCH] examples/vm_power_manager: buffer not null terminated
@ 2016-04-12 15:13 Daniel Mrzyglod
2016-04-27 14:36 ` Thomas Monjalon
2016-05-10 15:49 ` [dpdk-dev] [PATCH v2] " Daniel Mrzyglod
0 siblings, 2 replies; 4+ messages in thread
From: Daniel Mrzyglod @ 2016-04-12 15:13 UTC (permalink / raw)
To: dev; +Cc: alan.carew
CID30691:
If the buffer is treated as a null terminated string in later operations,
a buffer overflow or over-read may occur.
In add_vm: The string buffer may not have a null terminator if the source
string's length is equal to the buffer size
Fixes: e8ae9b662506 ("examples/vm_power: channel manager and monitor in host")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
---
examples/vm_power_manager/channel_manager.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/examples/vm_power_manager/channel_manager.c b/examples/vm_power_manager/channel_manager.c
index 22c2ddd..b9265ce 100644
--- a/examples/vm_power_manager/channel_manager.c
+++ b/examples/vm_power_manager/channel_manager.c
@@ -666,7 +666,8 @@ add_vm(const char *vm_name)
rte_free(new_domain);
return -1;
}
- strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
+ strncat(new_domain->name, vm_name, sizeof(new_domain->name) -
+ strlen(new_domain->name) - 1);
new_domain->channel_mask = 0;
new_domain->num_channels = 0;
--
2.5.5
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH] examples/vm_power_manager: buffer not null terminated
2016-04-12 15:13 [dpdk-dev] [PATCH] examples/vm_power_manager: buffer not null terminated Daniel Mrzyglod
@ 2016-04-27 14:36 ` Thomas Monjalon
2016-05-10 15:49 ` [dpdk-dev] [PATCH v2] " Daniel Mrzyglod
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Monjalon @ 2016-04-27 14:36 UTC (permalink / raw)
To: Daniel Mrzyglod; +Cc: dev, alan.carew
2016-04-12 17:13, Daniel Mrzyglod:
> CID30691:
> If the buffer is treated as a null terminated string in later operations,
> a buffer overflow or over-read may occur.
[...]
> --- a/examples/vm_power_manager/channel_manager.c
> +++ b/examples/vm_power_manager/channel_manager.c
> - strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
> + strncat(new_domain->name, vm_name, sizeof(new_domain->name) -
> + strlen(new_domain->name) - 1);
It looks to be a copy paste of a ready-to-use replacement of strncpy.
Why not just do new_domain->name[sizeof(new_domain->name) - 1] = 0 ?
^ permalink raw reply [flat|nested] 4+ messages in thread
* [dpdk-dev] [PATCH v2] examples/vm_power_manager: buffer not null terminated
2016-04-12 15:13 [dpdk-dev] [PATCH] examples/vm_power_manager: buffer not null terminated Daniel Mrzyglod
2016-04-27 14:36 ` Thomas Monjalon
@ 2016-05-10 15:49 ` Daniel Mrzyglod
2016-05-16 12:48 ` Thomas Monjalon
1 sibling, 1 reply; 4+ messages in thread
From: Daniel Mrzyglod @ 2016-05-10 15:49 UTC (permalink / raw)
To: thomas.monjalon; +Cc: dev, Daniel Mrzyglod
CID30691:
If the buffer is treated as a null terminated string in later operations,
a buffer overflow or over-read may occur.
In add_vm: The string buffer may not have a null terminator if the source
string's length is equal to the buffer size
Fixes: e8ae9b662506 ("examples/vm_power: channel manager and monitor in host")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
---
examples/vm_power_manager/channel_manager.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/vm_power_manager/channel_manager.c b/examples/vm_power_manager/channel_manager.c
index 22c2ddd..e068ae2 100644
--- a/examples/vm_power_manager/channel_manager.c
+++ b/examples/vm_power_manager/channel_manager.c
@@ -667,6 +667,7 @@ add_vm(const char *vm_name)
return -1;
}
strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
+ new_domain->name[sizeof(new_domain->name) - 1] = '\0';
new_domain->channel_mask = 0;
new_domain->num_channels = 0;
--
2.5.5
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [PATCH v2] examples/vm_power_manager: buffer not null terminated
2016-05-10 15:49 ` [dpdk-dev] [PATCH v2] " Daniel Mrzyglod
@ 2016-05-16 12:48 ` Thomas Monjalon
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Monjalon @ 2016-05-16 12:48 UTC (permalink / raw)
To: Daniel Mrzyglod; +Cc: dev
2016-05-10 17:49, Daniel Mrzyglod:
> CID30691:
> If the buffer is treated as a null terminated string in later operations,
> a buffer overflow or over-read may occur.
>
> In add_vm: The string buffer may not have a null terminator if the source
> string's length is equal to the buffer size
>
> Fixes: e8ae9b662506 ("examples/vm_power: channel manager and monitor in host")
>
> Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Applied, thanks
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-05-16 12:48 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-12 15:13 [dpdk-dev] [PATCH] examples/vm_power_manager: buffer not null terminated Daniel Mrzyglod
2016-04-27 14:36 ` Thomas Monjalon
2016-05-10 15:49 ` [dpdk-dev] [PATCH v2] " Daniel Mrzyglod
2016-05-16 12:48 ` Thomas Monjalon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).