From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 67D434CE4 for ; Fri, 4 Nov 2016 15:16:03 +0100 (CET) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga105.jf.intel.com with ESMTP; 04 Nov 2016 07:15:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,443,1473145200"; d="scan'208";a="1063947894" Received: from fyigit-mobl1.ger.corp.intel.com (HELO [10.237.220.57]) ([10.237.220.57]) by fmsmga001.fm.intel.com with ESMTP; 04 Nov 2016 07:15:41 -0700 To: Fan Zhang , dev@dpdk.org References: <1478175163-229116-1-git-send-email-roy.fan.zhang@intel.com> <1478175163-229116-3-git-send-email-roy.fan.zhang@intel.com> From: Ferruh Yigit Message-ID: <65ef8356-b5d9-4ce2-b16c-ba09f3ccfedc@intel.com> Date: Fri, 4 Nov 2016 14:15:40 +0000 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <1478175163-229116-3-git-send-email-roy.fan.zhang@intel.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix copy into fixed size buffer issue X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Nov 2016 14:16:04 -0000 On 11/3/2016 12:12 PM, Fan Zhang wrote: > Coverity issue: 137875 > Fixes: 0d547ed0 ("examples/ipsec-secgw: support configuration > file") > > Signed-off-by: Fan Zhang > --- > examples/ipsec-secgw/sa.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > index 9e2c8a9..c891be2 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -177,7 +177,7 @@ parse_key_string(const char *key_str, uint8_t *key) > pt_end = strchr(pt_start, ':'); > > if (pt_end == NULL) > - strncpy(sub_str, pt_start, strlen(pt_start)); > + strncpy(sub_str, pt_start, strlen(sub_str) - 1); sub_str initial value is not known, "strlen(sub_str) - 1" leaves last byte of the string random, instead of intended NULL. Also sub_str has hardcoded length of 3, it can be good to confirm NULL terminated byte taken into account, and number actually can be maximum two digits long. > else { > if (pt_end - pt_start > 2) > return 0; >