From: Anoob Joseph <anoobj@marvell.com>
To: "Trahe, Fiona" <fiona.trahe@intel.com>,
Akhil Goyal <akhil.goyal@nxp.com>,
"Doherty, Declan" <declan.doherty@intel.com>,
"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
"Yigit, Ferruh" <ferruh.yigit@intel.com>,
Thomas Monjalon <thomas@monjalon.net>
Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
"Narayana Prasad Raju Athreya" <pathreya@marvell.com>,
"dev@dpdk.org" <dev@dpdk.org>,
Ankur Dwivedi <adwivedi@marvell.com>
Subject: Re: [dpdk-dev] [PATCH] lib/cryptodev: fix driver name comparison
Date: Sat, 23 Feb 2019 06:11:31 +0000 [thread overview]
Message-ID: <MN2PR18MB28770755A6F90F8380CA5F5ADF780@MN2PR18MB2877.namprd18.prod.outlook.com> (raw)
In-Reply-To: <348A99DA5F5B7549AA880327E580B435896F4E65@IRSMSX101.ger.corp.intel.com>
Hi Fiona,
> -----Original Message-----
> From: Trahe, Fiona <fiona.trahe@intel.com>
> Sent: Friday, February 22, 2019 9:09 PM
> To: Anoob Joseph <anoobj@marvell.com>; Akhil Goyal <akhil.goyal@nxp.com>;
> Doherty, Declan <declan.doherty@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Narayana Prasad Raju
> Athreya <pathreya@marvell.com>; dev@dpdk.org; Ankur Dwivedi
> <adwivedi@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [PATCH] lib/cryptodev: fix driver name comparison
>
> Hi Anoob,
>
> > > > > @@ -542,8 +543,8 @@ rte_cryptodev_get_dev_id(const char *name)
> > > > > return -1;
> > > > >
> > > > > for (i = 0; i < cryptodev_globals.nb_devs; i++)
> > > > > - if ((strcmp(cryptodev_globals.devs[i].data->name, name)
> > > > > - == 0) &&
> > > > > + if ((strncmp(cryptodev_globals.devs[i].data->name,
> name,
> > > > > + RTE_CRYPTODEV_NAME_MAX_LEN)
> == 0)
> > > &&
> > > [Fiona] Is this safe? The const passed to this may not be the full
> > > length of RTE_CRYPTODEV_NAME_MAX_LEN. Does this prototype need to
> > > specify that a full length const filled with trailing zeros must be
> > > passed in? And if so is this an ABI breakage?
> > >
> >
> > [Anoob] strcmp itself is not safe when we have buffers which are not
> > NULL terminated. Strncmp will make sure the check won't exceed
> RTE_CRYPTODEV_NAME_MAX_LEN.
> >
> > From man page, "The strncmp() function is similar, except it only
> > compares the first (at most) n bytes of
> > s1 and s2."
> >
> > The main issue here is the usage of strncmp with strlen(driver_name),
> > as in the below cases. Strlen will return string length, which doesn't
> > include \0. strcmp is good enough to fix the issue. But usage of
> > strcmp would assume that the const is filled with trailing zero. IMO, none of
> these options are really safe. So please advise on what would be the best
> solution here. I'll revise the patch accordingly.
> [Fiona] I agree and think it is safest as you've coded it. However I'd suggest
> adding a comment on the relevant APIs saying that the string must be passed in
> in a buffer of size <use relevant #define> with trailing zeros.
[Anoob] Do you want this patch to address that? And wouldn't specifying something like that explicitly, be an ABI breakage?
Also, I think the same is applicable for other similar functions (rte_eth_dev_get_port_by_name() etc), wherever we expect a string. Please do share your thoughts on what all I should include in this patch.
Thanks,
Anoob
next prev parent reply other threads:[~2019-02-23 6:11 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-04 11:26 Anoob Joseph
2019-02-20 15:41 ` Anoob Joseph
2019-02-21 17:03 ` Trahe, Fiona
2019-02-22 4:47 ` Anoob Joseph
2019-02-22 15:39 ` Trahe, Fiona
2019-02-23 6:11 ` Anoob Joseph [this message]
2019-02-25 11:52 ` Trahe, Fiona
2019-02-28 6:48 ` Anoob Joseph
2019-02-28 8:51 ` Akhil Goyal
2019-02-28 9:27 ` Anoob Joseph
2019-02-28 10:20 ` Akhil Goyal
2019-02-28 14:30 ` Trahe, Fiona
2019-03-01 6:24 ` Anoob Joseph
2019-03-07 5:51 ` Anoob Joseph
2019-03-11 5:55 ` [dpdk-dev] [PATCH v2] " Anoob Joseph
2019-03-11 10:41 ` Trahe, Fiona
2019-03-19 4:38 ` Anoob Joseph
2019-03-19 4:38 ` Anoob Joseph
2019-03-19 13:42 ` Akhil Goyal
2019-03-19 13:42 ` Akhil Goyal
2019-03-19 14:06 ` Akhil Goyal
2019-03-19 14:06 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN2PR18MB28770755A6F90F8380CA5F5ADF780@MN2PR18MB2877.namprd18.prod.outlook.com \
--to=anoobj@marvell.com \
--cc=adwivedi@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=fiona.trahe@intel.com \
--cc=jerinj@marvell.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=pathreya@marvell.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).