diff mbox

[dpdk-dev] examples/vm_power_manager: buffer not null terminated

Message ID 1460473986-3816-1-git-send-email-danielx.t.mrzyglod@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Thomas Monjalon
Headers

Commit Message

Daniel Mrzyglod April 12, 2016, 3:13 p.m. UTC 
  CID30691:
If the buffer is treated as a null terminated string in later operations,
a buffer overflow or over-read may occur.

In add_vm: The string buffer may not have a null terminator if the source
string's length is equal to the buffer size

Fixes: e8ae9b662506 ("examples/vm_power: channel manager and monitor in host")

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
---
 examples/vm_power_manager/channel_manager.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Thomas Monjalon April 27, 2016, 2:36 p.m. UTC | #1 
2016-04-12 17:13, Daniel Mrzyglod:
> CID30691:
> If the buffer is treated as a null terminated string in later operations,
> a buffer overflow or over-read may occur.
[...]
> --- a/examples/vm_power_manager/channel_manager.c
> +++ b/examples/vm_power_manager/channel_manager.c
> -	strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
> +	strncat(new_domain->name, vm_name, sizeof(new_domain->name) -
> +			strlen(new_domain->name) - 1);

It looks to be a copy paste of a ready-to-use replacement of strncpy.
Why not just do new_domain->name[sizeof(new_domain->name) - 1] = 0 ?
diff mbox

Patch

diff --git a/examples/vm_power_manager/channel_manager.c b/examples/vm_power_manager/channel_manager.c
index 22c2ddd..b9265ce 100644
--- a/examples/vm_power_manager/channel_manager.c
+++ b/examples/vm_power_manager/channel_manager.c
@@ -666,7 +666,8 @@  add_vm(const char *vm_name)
 		rte_free(new_domain);
 		return -1;
 	}
-	strncpy(new_domain->name, vm_name, sizeof(new_domain->name));
+	strncat(new_domain->name, vm_name, sizeof(new_domain->name) -
+			strlen(new_domain->name) - 1);
 	new_domain->channel_mask = 0;
 	new_domain->num_channels = 0;