From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id 10E3C4C80; Wed, 13 Mar 2019 15:07:40 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Mar 2019 07:07:40 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,474,1544515200"; d="scan'208";a="140435788" Received: from fyigit-mobl.ger.corp.intel.com (HELO [10.237.221.46]) ([10.237.221.46]) by FMSMGA003.fm.intel.com with ESMTP; 13 Mar 2019 07:07:38 -0700 To: Aaron Conole Cc: "Parthasarathy, JananeeX M" , "'dev@dpdk.org'" , "Pattan, Reshma" , "Rao, Nikhil" , "'stable@dpdk.org'" , "Poornima, PallantlaX" References: <1549449822-412-1-git-send-email-pallantlax.poornima@intel.com> <7AE31235A30B41498D1C31348DC858BD5B534A73@IRSMSX103.ger.corp.intel.com> <7AE31235A30B41498D1C31348DC858BD5B54DCD4@IRSMSX103.ger.corp.intel.com> From: Ferruh Yigit Openpgp: preference=signencrypt Autocrypt: addr=ferruh.yigit@intel.com; prefer-encrypt=mutual; keydata= mQINBFXZCFABEADCujshBOAaqPZpwShdkzkyGpJ15lmxiSr3jVMqOtQS/sB3FYLT0/d3+bvy qbL9YnlbPyRvZfnP3pXiKwkRoR1RJwEo2BOf6hxdzTmLRtGtwWzI9MwrUPj6n/ldiD58VAGQ +iR1I/z9UBUN/ZMksElA2D7Jgg7vZ78iKwNnd+vLBD6I61kVrZ45Vjo3r+pPOByUBXOUlxp9 GWEKKIrJ4eogqkVNSixN16VYK7xR+5OUkBYUO+sE6etSxCr7BahMPKxH+XPlZZjKrxciaWQb +dElz3Ab4Opl+ZT/bK2huX+W+NJBEBVzjTkhjSTjcyRdxvS1gwWRuXqAml/sh+KQjPV1PPHF YK5LcqLkle+OKTCa82OvUb7cr+ALxATIZXQkgmn+zFT8UzSS3aiBBohg3BtbTIWy51jNlYdy ezUZ4UxKSsFuUTPt+JjHQBvF7WKbmNGS3fCid5Iag4tWOfZoqiCNzxApkVugltxoc6rG2TyX CmI2rP0mQ0GOsGXA3+3c1MCdQFzdIn/5tLBZyKy4F54UFo35eOX8/g7OaE+xrgY/4bZjpxC1 1pd66AAtKb3aNXpHvIfkVV6NYloo52H+FUE5ZDPNCGD0/btFGPWmWRmkPybzColTy7fmPaGz cBcEEqHK4T0aY4UJmE7Ylvg255Kz7s6wGZe6IR3N0cKNv++O7QARAQABtCVGZXJydWggWWln aXQgPGZlcnJ1aC55aWdpdEBpbnRlbC5jb20+iQJVBBMBAgA/AhsDBgsJCAcDAgYVCAIJCgsE FgIDAQIeAQIXgBYhBNI2U4dCLsKE45mBx/kz60PfE2EfBQJbughWBQkHwjOGAAoJEPkz60Pf E2Eft84QAIbKWqhgqRfoiw/BbXbA1+qm2o4UgkCRQ0yJgt9QsnbpOmPKydHH0ixCliNz1J8e mRXCkMini1bTpnzp7spOjQGLeAFkNFz6BMq8YF2mVWbGEDE9WgnAxZdi0eLY7ZQnHbE6AxKL SXmpe9INb6z3ztseFt7mqje/W/6DWYIMnH3Yz9KzxujFWDcq8UCAvPkxVQXLTMpauhFgYeEx Nub5HbvhxTfUkapLwRQsSd/HbywzqZ3s/bbYMjj5JO3tgMiM9g9HOjv1G2f1dQjHi5YQiTZl 1eIIqQ3pTic6ROaiZqNmQFXPsoOOFfXF8nN2zg8kl/sSdoXWHhama5hbwwtl1vdaygQYlmdK H2ueiFh/UvT3WG3waNv2eZiEbHV8Rk52Xyn2w1G90lV0fYC6Ket1Xjoch7kjwbx793Kz/RfQ rmBY8/S4DTGn3oq3dMdQY+b6+7VMUeLMMh2CXYO9ErkOq+qNTD1IY+cBAkXnaDbQfz0zbste ZGWH74FAZ9nCpDOqbRTrBL42aMGhfOWEyeA1x7+hl6JZfabBWAuf4nnCXuorKHzBXTrf7u7p fXsKQClWRW77PF1VmzrtKNVSytQAmlCWApQIw20AarFipXmVdIjHmJPU611WoyxZPb4JTOxx 5cv9B+nr/RIB+v5dcStyHCCwO1be7nBDdCgd4F6kTQPLuQINBFfWTL4BEACnNA29e8TarUsB L5n6eLZHXcFvVwNLVlirWOClHXf44o2KnN3ww+eBEmKVfEFo9MSuGDNHS8Zw1NiGMYxLIUgd U6gGrVVs/VrQWL82pbMk6jCj98N+BXIri+6K1z+AImz7ax7iF1kDgRAnFWU0znWWBgM2mM8Y gDjcxfXk4sCKnvf6Gjo08Ey5zmqx7dekAKU2EEp8Q1EJY3jbymLdZWRP4AFFMTS1rGMk0/tt v71NBg1GobCcbNfn9chK/jhqxYhAJqq86RdJQkt3/9x1U1Oq0vXCt4JVVHmkxePtUiuWTTt+ aYlUAsKYZsWvncExvw77x2ArYDmaK0yfjh37wp0lY7DOJHFxoyT8tyWZlLci/VMRG2Ja33xj 0CN4C1yBg+QDeV3QFxQo42iA/ykdXPUR3ezmsND3XKvVLTC4DNb3V/EZQ7jBj64+bEK0VW4G B31VP00ApNQvSoczsIOAKdk97RNbpmPw6q10ILIB+9T1xbnFYzshzGF17oC0/GENIHATx8vZ masOZoDiOZQpeneLgnFE9JfzhLTxv6wNZcc/HLXRQVTkDsQr8ERtkAoHCf1E5+b5Yr7pfnE4 YuhET746o25S53ELUYPIs49qoJsEJL34/oexMfPGyPIlrbufiNyty5jc/1MRwUlhJlJ5IOHy ZUa+6CLR7GdImusFkPJUJwARAQABiQI8BBgBAgAmAhsMFiEE0jZTh0IuwoTjmYHH+TPrQ98T YR8FAlu6CHAFCQXE7zIACgkQ+TPrQ98TYR9nXxAAqNBgkYNyGuWUuy0GwDQCbu3iiMyH1+D7 llafPcK4NYy1Z4AYuVwC9nmLaoj+ozdqS3ncRo57ncRsKEJC46nDJJZYZ5LSJVn63Y3NBF86 lxQAgjj2oyZEwaLKtKbAFsXL43jv1pUGgSvWwYtDwHITXXFQto9rZEuUDRFSx4sg9OR+Q6/6 LY+nQQ3OdHlBkflzYMPcWgDcvcTAO6yasLEUf7UcYoSWTyMYjLB4QuNlXzTswzGVMssJF/vo V8lD1eqqaSUWG3STF6GVLQOr1NLvN5+kUBiEStHFxBpgSCvYY9sNV8FS6N24CAWMBl+10W+D 2h1yiiP5dOdPcBDYKsgqDD91/sP0WdyMJkwdQJtD49f9f+lYloxHnSAxMleOpyscg1pldw+i mPaUY1bmIknLhhkqfMmjywQOXpac5LRMibAAYkcB8v7y3kwELnt8mhqqZy6LUsqcWygNbH/W K3GGt5tRpeIXeJ25x8gg5EBQ0Jnvp/IbBYQfPLtXH0Myq2QuAhk/1q2yEIbVjS+7iowEZNyE 56K63WBJxsJPB2mvmLgn98GqB4G6GufP1ndS0XDti/2K0o8rep9xoY/JDGi0n0L0tk9BHyoP Y7kaEpu7UyY3nVdRLe5H1/MnFG8hdJ97WqnPS0buYZlrbTV0nRFL/NI2VABl18vEEXvNQiO+ vM8= Message-ID: <96fe0a31-215e-e6e6-96b0-540ca666951b@intel.com> Date: Wed, 13 Mar 2019 14:07:37 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [dpdk-dev] [dpdk-stable] [PATCH] test/eventdev: fix sprintf with snprintf X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Mar 2019 14:07:41 -0000 On 3/13/2019 1:43 PM, Aaron Conole wrote: > Ferruh Yigit writes: > >> On 3/12/2019 2:44 PM, Aaron Conole wrote: >>> "Parthasarathy, JananeeX M" writes: >>> >>>> Hi >>>> >>>>> -----Original Message----- >>>>> From: Parthasarathy, JananeeX M >>>>> Sent: Tuesday, February 19, 2019 6:33 PM >>>>> To: Aaron Conole ; Poornima, PallantlaX >>>>> >>>>> Cc: dev@dpdk.org; Pattan, Reshma ; Rao, Nikhil >>>>> ; stable@dpdk.org >>>>> Subject: RE: [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf >>>>> >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Aaron Conole >>>>>> Sent: Saturday, February 09, 2019 2:50 AM >>>>>> To: Poornima, PallantlaX >>>>>> Cc: dev@dpdk.org; Pattan, Reshma ; Rao, Nikhil >>>>>> ; stable@dpdk.org >>>>>> Subject: Re: [dpdk-dev] [PATCH] test/eventdev: fix sprintf with >>>>>> snprintf >>>>>> >>>>>> Pallantla Poornima writes: >>>>>> >>>>>>> sprintf function is not secure as it doesn't check the length of string. >>>>>>> More secure function snprintf is used. >>>>>>> >>>>>>> Fixes: 2a9c83ae3b ("test/eventdev: add multi-ports test") >>>>>>> Cc: stable@dpdk.org >>>>>>> >>>>>>> Signed-off-by: Pallantla Poornima >>>>>>> --- >>>>>>> test/test/test_event_eth_rx_adapter.c | 3 ++- >>>>>>> 1 file changed, 2 insertions(+), 1 deletion(-) >>>>>>> >>>>>>> diff --git a/test/test/test_event_eth_rx_adapter.c >>>>>>> b/test/test/test_event_eth_rx_adapter.c >>>>>>> index 1d3be82b5..38f5c039f 100644 >>>>>>> --- a/test/test/test_event_eth_rx_adapter.c >>>>>>> +++ b/test/test/test_event_eth_rx_adapter.c >>>>>>> @@ -479,7 +479,8 @@ adapter_multi_eth_add_del(void) >>>>>>> /* add the max port for rx_adapter */ >>>>>>> port_index = rte_eth_dev_count_total(); >>>>>>> for (; port_index < RTE_MAX_ETHPORTS; port_index += 1) { >>>>>>> - sprintf(driver_name, "%s%u", "net_null", drv_id); >>>>>>> + snprintf(driver_name, sizeof(driver_name), "%s%u", "net_null", >>>>>>> + drv_id); >>>>>>> err = rte_vdev_init(driver_name, NULL); >>>>>>> TEST_ASSERT(err == 0, "Failed driver %s got %d", >>>>>>> driver_name, err); >>>>>> >>>>>> You call this a fix, but it's not possible for the value of drv_id to >>>>>> exceed '32' and the buffer size is plenty accommodating for that. Did >>>>>> I miss something? What is this fixing? >>>>> >>>>> It is better practice to use snprintf although in this case buffer will not overflow >>>>> as size is big enough to accommodate. The changes were done mainly to >>>>> replace sprintf to snprintf. Probably we can remove "fix" line as it is not issue in >>>>> this scenario. >>>>> >>>>> Thanks >>>>> M.P.Jananee >>>> >>>> Please suggest if we can remove "fix" line. >>> >>> This is a stylistic change, I don't think it's appropriate to call it a >>> fix, so I think you can remove the "Fixes" line. >>> >>> On further reflection, I actually think it will still be wrong. If the >>> size buffer is ever changed, what will happen on truncation? We don't >>> get an overflow any longer, but we still pass an invalid argument, so I >>> don't think this 'fix' is really even a fix. It still has a bug - >>> albeit not one that immediately triggers SSP exception or stack >>> overflow. >>> >>> Makes sense? >> >> Hi Aaron, >> >> I see your point and I agree that existing code is not broken, it is functioning >> well as it is. >> >> But we are fixing a possible issue, or lets say fixing using less secure API >> although it doesn't cause any problem right now. Perhaps we can update the patch >> title slightly [1] but I am for keeping the fix and I think it makes sense to >> keep "Fixes" tag so that this update can be backported to stable trees. > > I can get behind changing the sprintf to snprintf, since it is a better > API - but it needs to handle the return value properly (otherwise, in > this case we will specify an incorrect device). I can even > understanding calling it a fix, it's metadata and is probably needed > from some kind of compliance anyway. > > I also understand that this is in test suite, but people usually copy > code from test suites and that means the flaw at some point will be > propagated. So I still think it should be a version which checks the > return code. Otherwise in production if this is copied, and if I can > figure out how to overflow the counter knowing the buffer boundaries, > then there is a fixed device that will always be chosen. > > I think it goes for all the other 's/sprintf\(/snprintf\)' replacements, > too. Maybe I misunderstand something? These patches focus on preventing possible buffer overflow, the impact of possible truncation changes case by case I think, like for this case I don't see much benefit of adding return value check. For all cases I expect truncation trigger a functional error which should be already handled properly, like in this case 'rte_vdev_init()' will fail in second call if buffer is small. There may be cases to check the return value, but that should be the case with 'sprintf' as well, changing API to 'snprintf' shouldn't require additional check by default.