From: "Rybalchenko, Kirill" <kirill.rybalchenko@intel.com>
To: "Richardson, Bruce" <bruce.richardson@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
"Chilikin, Andrey" <andrey.chilikin@intel.com>,
"Xing, Beilei" <beilei.xing@intel.com>,
"Wu, Jingjing" <jingjing.wu@intel.com>
Subject: Re: [dpdk-dev] [PATCH] net/i40e: fix value of num parameter for strncpy function
Date: Mon, 23 Oct 2017 13:06:05 +0000 [thread overview]
Message-ID: <696B43C21188DF4F9C9091AAE4789B824E2A50BE@IRSMSX108.ger.corp.intel.com> (raw)
In-Reply-To: <20171023125745.GA26976@bricha3-MOBL3.ger.corp.intel.com>
> -----Original Message-----
> From: Richardson, Bruce
> Sent: Monday 23 October 2017 13:58
> To: Rybalchenko, Kirill <kirill.rybalchenko@intel.com>
> Cc: dev@dpdk.org; Chilikin, Andrey <andrey.chilikin@intel.com>; Xing, Beilei
> <beilei.xing@intel.com>; Wu, Jingjing <jingjing.wu@intel.com>
> Subject: Re: [dpdk-dev] [PATCH] net/i40e: fix value of num parameter for
> strncpy function
>
> On Mon, Oct 23, 2017 at 12:24:49PM +0100, Kirill Rybalchenko wrote:
> > num parameter for strncpy() function should be smaller than actual
> > destination buffer size to allow null termination.
> >
> > Fixes: 40d1324423a4 ("net/i40e: get ddp profile protocol info")
> >
> > Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
> > ---
> > drivers/net/i40e/rte_pmd_i40e.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/i40e/rte_pmd_i40e.c
> > b/drivers/net/i40e/rte_pmd_i40e.c index 4881ea0..489f66b 100644
> > --- a/drivers/net/i40e/rte_pmd_i40e.c
> > +++ b/drivers/net/i40e/rte_pmd_i40e.c
> > @@ -1928,7 +1928,7 @@ int rte_pmd_i40e_get_ddp_info(uint8_t
> *pkg_buff, uint32_t pkg_size,
> > for (i = j = 0; i < nb_rec; j++) {
> > pinfo[j].proto_id = tlv->data[0];
> > strncpy(pinfo[j].name, (const char *)&tlv->data[1],
> > - I40E_DDP_NAME_SIZE);
> > + I40E_DDP_NAME_SIZE - 1);
> > i += tlv->len;
> > tlv = &tlv[tlv->len];
> > }
> > --
>
> This is not a proper fix, as it still won't null-terminate the result.
> Replace strncpy with snprintf is probably the best solution.
The source buffer is 12 bytes long and guaranteed contains null-terminated C-string,
Destination buffer is 32 bytes long. Strncpy documentation says:
" Copies the first num characters of source to destination. If the end of the source C string (which is signaled by a null-character) is found before num characters have been copied, destination is padded with zeros until a total of num characters have been written to it."
I belive, having that, we can be sure that we'll get proper null-terminated string within destination buffer.
Or do I miss something?
>
> /Bruce
next prev parent reply other threads:[~2017-10-23 13:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-23 11:24 Kirill Rybalchenko
2017-10-23 12:57 ` Bruce Richardson
2017-10-23 13:06 ` Rybalchenko, Kirill [this message]
2017-10-23 13:30 ` Bruce Richardson
2017-10-24 9:22 ` [dpdk-dev] [PATCH] net/i40e: fix unsecure usage of " Kirill Rybalchenko
2017-10-24 9:50 ` Bruce Richardson
2017-10-24 18:12 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=696B43C21188DF4F9C9091AAE4789B824E2A50BE@IRSMSX108.ger.corp.intel.com \
--to=kirill.rybalchenko@intel.com \
--cc=andrey.chilikin@intel.com \
--cc=beilei.xing@intel.com \
--cc=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=jingjing.wu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).