From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 72EC520BD for ; Tue, 22 May 2018 19:59:01 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 May 2018 10:59:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,430,1520924400"; d="scan'208";a="52962445" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by orsmga003.jf.intel.com with ESMTP; 22 May 2018 10:58:59 -0700 Received: from fmsmsx119.amr.corp.intel.com (10.18.124.207) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 22 May 2018 10:58:59 -0700 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by FMSMSX119.amr.corp.intel.com (10.18.124.207) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 22 May 2018 10:58:59 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.210]) by shsmsx102.ccr.corp.intel.com ([169.254.2.79]) with mapi id 14.03.0319.002; Wed, 23 May 2018 01:58:57 +0800 From: "Liu, Changpeng" To: Thomas Monjalon CC: "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API Thread-Index: AQHT7jX/RaZfFm0bIkmm00QgPUCMuaQ7h2uAgACHG2A= Date: Tue, 22 May 2018 17:58:57 +0000 Message-ID: References: <1526599932-13083-1-git-send-email-changpeng.liu@intel.com> <1526599932-13083-2-git-send-email-changpeng.liu@intel.com> <3339436.bIZ7ygsVkQ@xps> In-Reply-To: <3339436.bIZ7ygsVkQ@xps> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMzUzMDM0NGEtMjUzYi00NTRkLWJiMzItMDIwYWYyODUzMGEyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoibFRwVk1YUGgreWNERVg3Q1VJSmhcL1NaZGVjVHJHRkdSeGR5RWtPR0lcL1FXZkpJd3dXYmNZNE96VVkyZ2tFYW5MIn0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.200.100 dlp-reaction: no-action x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential buffer overrun with safe copy API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2018 17:59:01 -0000 > -----Original Message----- > From: Thomas Monjalon [mailto:thomas@monjalon.net] > Sent: Tuesday, May 22, 2018 10:48 AM > To: Liu, Changpeng > Cc: dev@dpdk.org > Subject: Re: [dpdk-dev] [PATCH 2/2] examples/vhost_scsi: fix potential bu= ffer > overrun with safe copy API >=20 > 18/05/2018 01:32, Changpeng Liu: > > Signed-off-by: Changpeng Liu >=20 > Missing explanations. >=20 > > - strlcpy((char *)vpage->params, bdev->name, > > - sizeof(vpage->params)); > > + vhost_strcpy_pad((char *)vpage->params, bdev->name, > > + sizeof(vpage->params), ' '); >=20 > Why do you think vhost_strcpy_pad is safer than strlcpy? A code Coverity issue 279452 reported for strlcpy, so here replace with int= ernal API can avoid it. >=20 > > - strncpy(bdev->name, bdev_name, sizeof(bdev->name)); > > - strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name)); > > + snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name); > > + snprintf(bdev->product_name, sizeof(bdev->product_name), > > + "%s", bdev_serial); >=20 > You should use strlcpy. >=20