From: "Liu, Changpeng" <changpeng.liu@intel.com>
To: Thomas Monjalon <thomas@monjalon.net>
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API
Date: Tue, 22 May 2018 17:58:57 +0000 [thread overview]
Message-ID: <FF7FC980937D6342B9D289F5F3C7C2625B65CCE8@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <3339436.bIZ7ygsVkQ@xps>
> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas@monjalon.net]
> Sent: Tuesday, May 22, 2018 10:48 AM
> To: Liu, Changpeng <changpeng.liu@intel.com>
> Cc: dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer
> overrun with safe copy API
>
> 18/05/2018 01:32, Changpeng Liu:
> > Signed-off-by: Changpeng Liu <changpeng.liu@intel.com>
>
> Missing explanations.
>
> > - strlcpy((char *)vpage->params, bdev->name,
> > - sizeof(vpage->params));
> > + vhost_strcpy_pad((char *)vpage->params, bdev->name,
> > + sizeof(vpage->params), ' ');
>
> Why do you think vhost_strcpy_pad is safer than strlcpy?
A code Coverity issue 279452 reported for strlcpy, so here replace with internal API can avoid it.
>
> > - strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> > - strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
> > + snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name);
> > + snprintf(bdev->product_name, sizeof(bdev->product_name),
> > + "%s", bdev_serial);
>
> You should use strlcpy.
>
next prev parent reply other threads:[~2018-05-22 17:59 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-17 23:32 [dpdk-dev] [PATCH 1/2] examples/vhost_scsi: add virtio-1.0 feature bit support Changpeng Liu
2018-05-17 23:32 ` [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API Changpeng Liu
2018-05-22 17:47 ` Thomas Monjalon
2018-05-22 17:58 ` Liu, Changpeng [this message]
2018-05-22 18:18 ` Thomas Monjalon
2018-05-18 12:35 ` [dpdk-dev] [PATCH 1/2] examples/vhost_scsi: add virtio-1.0 feature bit support Maxime Coquelin
2018-05-22 17:51 ` Thomas Monjalon
2018-05-22 20:33 ` Thomas Monjalon
2018-05-22 20:45 ` Liu, Changpeng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=FF7FC980937D6342B9D289F5F3C7C2625B65CCE8@SHSMSX103.ccr.corp.intel.com \
--to=changpeng.liu@intel.com \
--cc=dev@dpdk.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).