From: "Kuusisaari, Juhamatti (Coriant - FI/Espoo)" <juhamatti.kuusisaari@coriant.com>
To: Gaetan Rivet <gaetan.rivet@6wind.com>, "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH v1] eal: add strscpy function
Date: Tue, 11 Sep 2018 10:17:53 +0000 [thread overview]
Message-ID: <VI1PR0402MB2925CBB67AAE319E808478AC9D040@VI1PR0402MB2925.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <20180911100419.19168-1-gaetan.rivet@6wind.com>
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Gaetan Rivet
> Sent: Tuesday, September 11, 2018 1:04 PM
> To: dev@dpdk.org
> Cc: Gaetan Rivet <gaetan.rivet@6wind.com>
> Subject: [dpdk-dev] [PATCH v1] eal: add strscpy function
>
> The strncpy function has long been deemed unsafe for use,
> in favor of strlcpy or snprintf.
>
> While snprintf is standard and strlcpy is still largely available,
> they both have issues regarding error checking and performance.
>
> Both will force reading the source buffer past the requested size
> if the input is not a proper c-string, and will return the expected
> number of bytes copied, meaning that error checking needs to verify
> that the number of bytes copied is not superior to the destination
> size.
>
> This contributes to awkward code flow, unclear error checking and
> potential issues with malformed input.
>
> The function strscpy has been discussed for some time already and
> has been made available in the linux kernel[1].
>
> Propose this new function as a safe alternative.
>
> [1]:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i
> d=30c44659f4a3e7e1f9f47e895591b4b40bf62671
>
> Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
> ---
>
> I agree with the original email, here is a proposed implementation.
> I have added the function as part of 18.11 API proper, because this API
> is definitely not meant to change.
>
> This is not meant to be enforced on existing code, or even on new code.
> But I think it is better to have it available.
>
> lib/librte_eal/common/eal_common_string_fns.c | 30
> +++++++++++++++++++
> .../common/include/rte_string_fns.h | 23 ++++++++++++++
> lib/librte_eal/rte_eal_version.map | 7 +++++
> 3 files changed, 60 insertions(+)
>
> diff --git a/lib/librte_eal/common/eal_common_string_fns.c
> b/lib/librte_eal/common/eal_common_string_fns.c
> index 6ac5f8289..8a34d2422 100644
> --- a/lib/librte_eal/common/eal_common_string_fns.c
> +++ b/lib/librte_eal/common/eal_common_string_fns.c
> @@ -38,3 +38,33 @@ rte_strsplit(char *string, int stringlen,
> errno = EINVAL;
> return -1;
> }
> +
> +/* Copy src string into dst.
> + *
> + * Return negative value and NUL-terminate if dst is too short,
> + * Otherwise return number of bytes copied.
> + */
> +ssize_t
> +strscpy(char *dst, const char *src, size_t dsize)
> +{
> + const char *osrc = src;
> + size_t nleft = dsize;
> +
> + /* Copy as many bytes as will fit. */
> + if (nleft != 0) {
> + while (--nleft != 0) {
> + if ((*dst++ = *src++) == '\0')
> + break;
> + }
> + }
> +
> + /* Not enough room in dst, add NUL and return error. */
> + if (nleft == 0) {
> + if (dsize != 0)
> + *dst = '\0';
> + return -E2BIG;
> + }
> +
> + /* count does not include NUL */
> + return (src - osrc - 1);
> +}
> diff --git a/lib/librte_eal/common/include/rte_string_fns.h
> b/lib/librte_eal/common/include/rte_string_fns.h
> index 97597a148..46dd919b4 100644
> --- a/lib/librte_eal/common/include/rte_string_fns.h
> +++ b/lib/librte_eal/common/include/rte_string_fns.h
> @@ -76,6 +76,29 @@ rte_strlcpy(char *dst, const char *src, size_t size)
> #endif /* RTE_USE_LIBBSD */
> #endif /* BSDAPP */
>
> +/**
> + * Copy string src to buffer dst of size dsize.
> + * At most dsize-1 chars will be copied.
> + * Always NUL-terminates, unless (dsize == 0).
> + * Returns number of bytes copied (terminating NUL-byte excluded) on
> success.
> + * Negative errno on error.
> + *
> + * @param dst
> + * The destination string.
> + *
> + * @param src
> + * The input string to be copied.
> + *
> + * @param dsize
> + * Length in bytes of the destination buffer.
> + *
> + * @return
> + * The number of bytes copied on success
> + * -E2BIG if the destination buffer is too small.
> + */
> +ssize_t
> +strscpy(char *dst, const char *src, size_t dsize);
> +
> #ifdef __cplusplus
> }
> #endif
> diff --git a/lib/librte_eal/rte_eal_version.map
> b/lib/librte_eal/rte_eal_version.map
> index 344a43d32..fc7b50669 100644
> --- a/lib/librte_eal/rte_eal_version.map
> +++ b/lib/librte_eal/rte_eal_version.map
> @@ -262,6 +262,13 @@ DPDK_18.08 {
>
> } DPDK_18.05;
>
> +DPDK_18.11 {
> + global:
> +
> + strscpy;
> +
> +} DPDK_18.08;
> +
> EXPERIMENTAL {
> global:
Acked-by: Juhamatti Kuusisaari <juhamatti.kuusisaari@coriant.com>
> --
> 2.18.0
next prev parent reply other threads:[~2018-09-11 10:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-11 5:33 [dpdk-dev] strscpy() support to DPDK? Kuusisaari, Juhamatti (Coriant - FI/Espoo)
2018-09-11 10:04 ` [dpdk-dev] [PATCH v1] eal: add strscpy function Gaetan Rivet
2018-09-11 10:17 ` Kuusisaari, Juhamatti (Coriant - FI/Espoo) [this message]
2018-09-11 15:00 ` [dpdk-dev] [PATCH v2] " Gaetan Rivet
2018-09-12 13:29 ` Ferruh Yigit
2018-09-19 9:41 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=VI1PR0402MB2925CBB67AAE319E808478AC9D040@VI1PR0402MB2925.eurprd04.prod.outlook.com \
--to=juhamatti.kuusisaari@coriant.com \
--cc=dev@dpdk.org \
--cc=gaetan.rivet@6wind.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).