[dpdk-dev] examples/vm_power_manager: buffer not null terminated
Commit Message
CID30691:
If the buffer is treated as a null terminated string in later operations,
a buffer overflow or over-read may occur.
In add_vm: The string buffer may not have a null terminator if the source
string's length is equal to the buffer size
Fixes: e8ae9b662506 ("examples/vm_power: channel manager and monitor in host")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
---
examples/vm_power_manager/channel_manager.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
2016-04-12 17:13, Daniel Mrzyglod:
> CID30691:
> If the buffer is treated as a null terminated string in later operations,
> a buffer overflow or over-read may occur.
[...]
> --- a/examples/vm_power_manager/channel_manager.c
> +++ b/examples/vm_power_manager/channel_manager.c
> - strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
> + strncat(new_domain->name, vm_name, sizeof(new_domain->name) -
> + strlen(new_domain->name) - 1);
It looks to be a copy paste of a ready-to-use replacement of strncpy.
Why not just do new_domain->name[sizeof(new_domain->name) - 1] = 0 ?
@@ -666,7 +666,8 @@ add_vm(const char *vm_name)
rte_free(new_domain);
return -1;
}
- strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
+ strncat(new_domain->name, vm_name, sizeof(new_domain->name) -
+ strlen(new_domain->name) - 1);
new_domain->channel_mask = 0;
new_domain->num_channels = 0;