From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id D878BA04BC;
	Fri,  9 Oct 2020 12:59:16 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 502731D37E;
	Fri,  9 Oct 2020 12:59:15 +0200 (CEST)
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by dpdk.org (Postfix) with ESMTP id C374F1D14D
 for <dev@dpdk.org>; Fri,  9 Oct 2020 12:59:12 +0200 (CEST)
IronPort-SDR: E9HvwYN+WjtnTuR9kjDpnh3lRQ4kp+nom5wlYU5aFFnEueKqMtGOf6VvjVaoPLeaDHIeyCbjzN
 52A4FESrDCTA==
X-IronPort-AV: E=McAfee;i="6000,8403,9768"; a="153303667"
X-IronPort-AV: E=Sophos;i="5.77,354,1596524400"; d="scan'208";a="153303667"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 09 Oct 2020 03:59:11 -0700
IronPort-SDR: SRAkc3yDbA01Trc1k4vUuuvpjjQozjsTKI2an0aOCAVA1vOf/3LzCe9cuoLFYDu6GoJ9ZAWGPs
 4DyeP1H4tI8w==
X-IronPort-AV: E=Sophos;i="5.77,354,1596524400"; d="scan'208";a="528881461"
Received: from fyigit-mobl1.ger.corp.intel.com (HELO [10.252.18.7])
 ([10.252.18.7])
 by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 09 Oct 2020 03:59:10 -0700
To: =?UTF-8?Q?Ga=c3=abtan_Rivet?= <grive@u256.net>
Cc: Bruce Richardson <bruce.richardson@intel.com>,
 Olivier Matz <olivier.matz@6wind.com>, Ciara Loftus
 <ciara.loftus@intel.com>, dev@dpdk.org
References: <20201007090137.5121-1-ciara.loftus@intel.com>
 <f5b8f112-8d17-6fb5-9703-29ffc0d5357e@intel.com>
 <20201007095131.GQ21395@platinum>
 <20201007102638.GB680@bricha3-MOBL.ger.corp.intel.com>
 <20201007102812.GC680@bricha3-MOBL.ger.corp.intel.com>
 <ab391b6d-5fcb-9ed9-12dd-8cdf45c5b697@intel.com>
 <20201009103630.jicsmryvgsxc72bl@u256.net>
From: Ferruh Yigit <ferruh.yigit@intel.com>
Message-ID: <8f533e07-c6bf-46bd-2b42-dc5d9a9c3b42@intel.com>
Date: Fri, 9 Oct 2020 11:59:06 +0100
MIME-Version: 1.0
In-Reply-To: <20201009103630.jicsmryvgsxc72bl@u256.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [dpdk-dev] [PATCH] net/af_xdp: use snprintf instead of strncpy
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 10/9/2020 11:36 AM, Gaëtan Rivet wrote:
> On 07/10/20 12:45 +0100, Ferruh Yigit wrote:
>> On 10/7/2020 11:28 AM, Bruce Richardson wrote:
>>> On Wed, Oct 07, 2020 at 11:26:38AM +0100, Bruce Richardson wrote:
>>>> On Wed, Oct 07, 2020 at 11:51:31AM +0200, Olivier Matz wrote:
>>>>> On Wed, Oct 07, 2020 at 10:40:32AM +0100, Ferruh Yigit wrote:
>>>>>> On 10/7/2020 10:01 AM, Ciara Loftus wrote:
>>>>>>> strncpy may leave the destination buffer not NULL terminated so use
>>>>>>> snprintf instead.
>>>>>>
>>>>>> What do you think using 'strlcpy'?
>>>>>
>>>>> Or even better, rte_strscpy()
>>>>> https://git.dpdk.org/dpdk/commit/?id=b0236c7cf761
>>>>>
>>>> I think this is largely a matter of preference, and unless there is a good
>>>> reason not to, I tend towards strlcpy as the older and more common (till
>>>> now) interface. The main thing is just to use a function that will
>>>> guarantee dest is null-terminated here, and both strlcpy and strscpy meet
>>>> that criteria.
>>>>
>>> I'd also add that strlcpy is more likely to be recognised by tools like
>>> coverity, compared to rte_strscpy which is DPDK-specific.
>>>
>>
>> +1 to 'strlcpy'
> 
> Using strlcpy will be more recognized by static analyzer indeed.
> 
> But strscpy API is better:
> 
> * It helps checking string truncation by making it easier:
> 
>    if (strlcpy(dst, src, dstsize) >= dstsize)
>          /* Dev + reviewer needs to think about using >= and not >, dstsize is
>           * repeated so either dst is an array or it needs a dedicated variable.
>           * Deal with truncation.
>           */
> 
>    if (rte_strscpy(dst, src, dstsize) < 0)
>          /* deal with truncation. */
> 
> * It is safer when dealing with unknown data source. strlcpy will always
>    read all of src, because the API (uselessly) defines the return value
>    to strlen(src).
> 
> Having yet another string copy function is contentious, but we can avoid
> using worse API to please tools.
> 
> And detecting string truncation *is* helpful. String are used as IDs in
> DPDK for some objects. Using strlcpy / snprintf at least protects from
> buffer overflow, which is a bare minimum. A good implementation would
> also warn the user about a config error / memory corruption happening
> sooner.
> 
> In any case, sure to fix a sanity check strlcpy / snprintf will work.
> 

I also think 'strscpy' is better API, and we had similar discussion before [1] 
and the decision was to prefer 'strlcpy'.

[1] http://inbox.dpdk.org/dev/b800d417-c33d-af4e-b506-8f31ae919410@intel.com/#t