From: Anupam Kapoor
Date: Wed, 22 Jun 2016 12:16:27 +0530
To: Ferruh Yigit
Cc: Reshma Pattan, dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH 3/3] app/pdump: fix string overflow

> if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > - strncpy(pt->rx_dev, value, strlen(value)); > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1);

I guess size-1 is to give room for terminating null byte, but for this
case is it guaranteed that pt->rx_dev last byte is NULL?

why not just use a snprintf(...) here since it has better error behavior?
although compared to str*cpy it might be a bit slow, but hopefully that
should be ok?

--
thanks
anupam

On Tue, Jun 21, 2016 at 10:51 PM, Ferruh Yigit wrote:

> On 6/21/2016 4:18 PM, Reshma Pattan wrote:
> > using source length in strncpy can cause destination
> > overflow if destination length is not big enough to
> > handle the source string. Changes are made to use destination
> > size instead of source length in strncpy.
> >
> > Coverity issue 127351: string overflow
> >
> > Fixes: caa7028276b8 ("app/pdump: add tool for packet capturing")
> >
> > Signed-off-by: Reshma Pattan
> > --- > > app/pdump/main.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/app/pdump/main.c b/app/pdump/main.c > > index f8923b9..af92ef3 100644 > > --- a/app/pdump/main.c > > +++ b/app/pdump/main.c 
> > @@ -217,12 +217,12 @@ parse_rxtxdev(const char *key, const char *value, > void *extra_args) > > struct pdump_tuples *pt = extra_args; > > > > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > > - strncpy(pt->rx_dev, value, strlen(value)); > > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1);
>
> I guess size-1 is to give room for terminating null byte, but for this
> case is it guaranteed that pt->rx_dev last byte is NULL?
>

--
In the beginning was the lambda, and the lambda was with Emacs, and Emacs
was the lambda.
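
Review bot: The new strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1) bounds the copy but never writes the final byte of pt->rx_dev, so when value is sizeof(pt->rx_dev)-1 bytes or longer the result is NUL-terminated only if that byte was already zero, and nothing in this hunk shows the struct being zeroed. Either set pt->rx_dev[sizeof(pt->rx_dev)-1] = '\0' right after the copy, or use snprintf(pt->rx_dev, sizeof(pt->rx_dev), "%s", value) and return an error when its result is >= sizeof(pt->rx_dev), so an over-long device name is rejected instead of silently truncated. The diffstat counts two changed lines while only the rx_dev one is quoted here; the same check applies to the other.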
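
Added example (not part of the thread or of DPDK's code) contrasting the patched strncpy() call with the snprintf() form suggested in the reply above. `struct tuples`, `DEV_NAME_SIZE` and the sample device name are assumptions made for illustration; the real size of pt->rx_dev is not shown in the thread.

```c
#include <stdio.h>
#include <string.h>

#define DEV_NAME_SIZE 8 /* assumed buffer size, for illustration only */

/* Hypothetical stand-in for struct pdump_tuples. */
struct tuples {
	char rx_dev[DEV_NAME_SIZE];
};

/* The patched form: the copy is bounded by the destination, but strncpy()
 * writes no terminator when value has sizeof(rx_dev)-1 bytes or more, so
 * the last byte keeps whatever it held before the call.
 * Returns 1 if rx_dev ends up NUL-terminated, 0 otherwise. */
int copy_strncpy(struct tuples *pt, const char *value)
{
	strncpy(pt->rx_dev, value, sizeof(pt->rx_dev) - 1);
	return memchr(pt->rx_dev, '\0', sizeof(pt->rx_dev)) != NULL;
}

/* The snprintf() form: the destination is always terminated, and the
 * return value reports truncation so the caller can reject the argument.
 * Returns 0 on success, -1 if value did not fit. */
int copy_snprintf(struct tuples *pt, const char *value)
{
	int n = snprintf(pt->rx_dev, sizeof(pt->rx_dev), "%s", value);

	return (n < 0 || (size_t)n >= sizeof(pt->rx_dev)) ? -1 : 0;
}

int main(void)
{
	struct tuples pt;
	const char *too_long = "net_pcap_rx_0"; /* constructed sample value */

	memset(&pt, 0xff, sizeof(pt)); /* simulate memory that was not zeroed */
	printf("strncpy terminated: %d\n", copy_strncpy(&pt, too_long));

	memset(&pt, 0xff, sizeof(pt));
	printf("snprintf rc: %d\n", copy_snprintf(&pt, too_long));
	printf("stored: \"%s\"\n", pt.rx_dev);
	return 0;
}
```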