[dpdk-dev] examples/vhost_scsi: fix buffer not terminated

Message ID 20170922130959.13484-1-michalx.k.jastrzebski@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Maxime Coquelin

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Michal Jastrzebski Sept. 22, 2017, 1:09 p.m. UTC
  From: Jacek Piasecki <jacekx.piasecki@intel.com>

Fix size of buffer in strcpy. It was possible to get
an unterminated string after the copy operation.

Coverity issue: 158629
Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
Cc: changpeng.liu@intel.com
Cc: stable@dpdk.org

Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
---
 examples/vhost_scsi/vhost_scsi.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
  

Comments

Michal Jastrzebski Oct. 2, 2017, 1:53 p.m. UTC | #1
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Michal Jastrzebski
> Sent: Friday, September 22, 2017 3:10 PM
> To: yliu@fridaylinux.org; maxime.coquelin@redhat.com
> Cc: dev@dpdk.org; Jain, Deepak K <deepak.k.jain@intel.com>; Piasecki,
> JacekX <jacekx.piasecki@intel.com>; Liu, Changpeng
> <changpeng.liu@intel.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] examples/vhost_scsi: fix buffer not terminated
> 
> From: Jacek Piasecki <jacekx.piasecki@intel.com>
> 
> Fix size of buffer in strcpy. It was possible to get
> an unterminated string after the copy operation.
> 
> Coverity issue: 158629
> Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
> Cc: changpeng.liu@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> ---
>  examples/vhost_scsi/vhost_scsi.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/examples/vhost_scsi/vhost_scsi.c
> b/examples/vhost_scsi/vhost_scsi.c
> index b4f1f8d..b1a8c93 100644
> --- a/examples/vhost_scsi/vhost_scsi.c
> +++ b/examples/vhost_scsi/vhost_scsi.c
> @@ -186,8 +186,9 @@ static uint64_t gpa_to_vva(int vid, uint64_t gpa)
>  	if (!bdev)
>  		return NULL;
> 
> -	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> -	strncpy(bdev->product_name, bdev_serial, sizeof(bdev-
> >product_name));
> +	strncpy(bdev->name, bdev_name, sizeof(bdev->name) - 1);
> +	strncpy(bdev->product_name, bdev_serial,
> +			sizeof(bdev->product_name) - 1);
>  	bdev->blocklen = blk_size;
>  	bdev->blockcnt = blk_cnt;
>  	bdev->write_cache = wce_enable;
> --
> 1.9.1

Hi Yu / Maxime,
I would like to ask for feedback regarding the proposed fix.
If everything is ok with it, please send acked-by.

Best regards
Michal.
  
Michal Jastrzebski Oct. 11, 2017, 1:45 p.m. UTC | #2
> -----Original Message-----
> From: Jastrzebski, MichalX K
> Sent: Monday, October 2, 2017 3:53 PM
> To: Jastrzebski, MichalX K <michalx.k.jastrzebski@intel.com>;
> yliu@fridaylinux.org; maxime.coquelin@redhat.com
> Cc: dev@dpdk.org; Jain, Deepak K <deepak.k.jain@intel.com>; Piasecki,
> JacekX <jacekx.piasecki@intel.com>; Liu, Changpeng
> <changpeng.liu@intel.com>; stable@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH] examples/vhost_scsi: fix buffer not
> terminated
> 
> > -----Original Message-----
> > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Michal
> Jastrzebski
> > Sent: Friday, September 22, 2017 3:10 PM
> > To: yliu@fridaylinux.org; maxime.coquelin@redhat.com
> > Cc: dev@dpdk.org; Jain, Deepak K <deepak.k.jain@intel.com>; Piasecki,
> > JacekX <jacekx.piasecki@intel.com>; Liu, Changpeng
> > <changpeng.liu@intel.com>; stable@dpdk.org
> > Subject: [dpdk-dev] [PATCH] examples/vhost_scsi: fix buffer not
> terminated
> >
> > From: Jacek Piasecki <jacekx.piasecki@intel.com>
> >
> > Fix size of buffer in strcpy. It was possible to get
> > an unterminated string after the copy operation.
> >
> > Coverity issue: 158629
> > Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample
> app")
> > Cc: changpeng.liu@intel.com
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> > ---
> >  examples/vhost_scsi/vhost_scsi.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/examples/vhost_scsi/vhost_scsi.c
> > b/examples/vhost_scsi/vhost_scsi.c
> > index b4f1f8d..b1a8c93 100644
> > --- a/examples/vhost_scsi/vhost_scsi.c
> > +++ b/examples/vhost_scsi/vhost_scsi.c
> > @@ -186,8 +186,9 @@ static uint64_t gpa_to_vva(int vid, uint64_t gpa)
> >  	if (!bdev)
> >  		return NULL;
> >
> > -	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> > -	strncpy(bdev->product_name, bdev_serial, sizeof(bdev-
> > >product_name));
> > +	strncpy(bdev->name, bdev_name, sizeof(bdev->name) - 1);
> > +	strncpy(bdev->product_name, bdev_serial,
> > +			sizeof(bdev->product_name) - 1);
> >  	bdev->blocklen = blk_size;
> >  	bdev->blockcnt = blk_cnt;
> >  	bdev->write_cache = wce_enable;
> > --
> > 1.9.1
> 
> Hi Yu / Maxime,
> I would like to ask for feedback regarding the proposed fix.
> If everything is ok with it, please send acked-by.
> 
> Best regards
> Michal.

Acked-by: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>
  
Thomas Monjalon May 14, 2018, 7:08 p.m. UTC | #3
22/09/2017 15:09, Michal Jastrzebski:
> From: Jacek Piasecki <jacekx.piasecki@intel.com>
> 
> Fix size of buffer in strcpy. It was possible to get
> an unterminated string after the copy operation.
> 
> Coverity issue: 158629
> Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
> Cc: changpeng.liu@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> ---
> -	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> -	strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
> +	strncpy(bdev->name, bdev_name, sizeof(bdev->name) - 1);
> +	strncpy(bdev->product_name, bdev_serial,
> +			sizeof(bdev->product_name) - 1);

Can it be fixed with strlcpy?

I wonder why recent patch from Reshma is not touching these lines:
	http://dpdk.org/commit/21ce8e44b8d
  
Pattan, Reshma May 15, 2018, 5:59 a.m. UTC | #4
Hi Thomas,

> Can it be fixed with strlcpy?
> 
> I wonder why recent patch from Reshma is not touching these lines:
> 	http://dpdk.org/commit/21ce8e44b8d
> 

Yes, I remembered now, I fixed only the gcc 8.0.1 compilation issues of this file, in which the lines of code this patch
is fixing are not listed. I totally forgot to replace these lines with strlcpy later on.

Thanks,
Reshma
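
The three copy forms discussed in this thread, compared side by side as an added example that is not part of the thread or of the DPDK sources. `struct demo_bdev`, its 16-byte field, `copy_terminated()` (a local helper with strlcpy semantics) and the input string are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the sample's bdev; the field size is assumed. */
struct demo_bdev {
	char name[16];
};

/* Local helper with strlcpy semantics (not a DPDK or libc function): always
 * terminates when size > 0 and returns strlen(src) to expose truncation. */
static size_t copy_terminated(char *dst, const char *src, size_t size)
{
	size_t n = strlen(src);

	if (size > 0) {
		size_t c = n < size - 1 ? n : size - 1;
		memcpy(dst, src, c);
		dst[c] = '\0';
	}
	return n;
}

/* mode 0: strncpy(.., size), 1: strncpy(.., size - 1), 2: copy_terminated().
 * fill is the byte the struct holds before the copy (0 = zeroed allocation).
 * Returns 1 if name contains a NUL within its own bounds. */
static int name_terminated(int mode, int fill, const char *src)
{
	struct demo_bdev b;

	memset(&b, fill, sizeof(b));
	if (mode == 0)
		strncpy(b.name, src, sizeof(b.name));
	else if (mode == 1)
		strncpy(b.name, src, sizeof(b.name) - 1);
	else
		copy_terminated(b.name, src, sizeof(b.name));
	return memchr(b.name, '\0', sizeof(b.name)) != NULL;
}

int main(void)
{
	const char *src = "constructed-name-longer-than-16"; /* constructed input */

	for (int mode = 0; mode < 3; mode++)
		printf("mode %d: zeroed=%d dirty=%d\n", mode,
		       name_terminated(mode, 0x00, src),
		       name_terminated(mode, 0xAA, src));
	return 0;
}
```

With an over-long source, the `size - 1` form yields a terminated string only when the destination was zeroed beforehand, while the always-terminating copy is safe in both cases and its return value shows that truncation happened.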
  

Patch

diff --git a/examples/vhost_scsi/vhost_scsi.c b/examples/vhost_scsi/vhost_scsi.c
index b4f1f8d..b1a8c93 100644
--- a/examples/vhost_scsi/vhost_scsi.c
+++ b/examples/vhost_scsi/vhost_scsi.c
@@ -186,8 +186,9 @@  static uint64_t gpa_to_vva(int vid, uint64_t gpa)
 	if (!bdev)
 		return NULL;
 
-	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
-	strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
+	strncpy(bdev->name, bdev_name, sizeof(bdev->name) - 1);
+	strncpy(bdev->product_name, bdev_serial,
+			sizeof(bdev->product_name) - 1);
 	bdev->blocklen = blk_size;
 	bdev->blockcnt = blk_cnt;
 	bdev->write_cache = wce_enable;
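
Review bot: the two added strncpy() calls stop at sizeof(...) - 1 but never write the final byte, so bdev->name and bdev->product_name end up terminated only if bdev was zero-filled when it was allocated, and that allocation is outside this hunk. Either set the last byte explicitly after each copy, for example bdev->name[sizeof(bdev->name) - 1] = '\0';, or switch to a copy that always terminates, such as strlcpy as raised in the thread. Two smaller points on the same lines: an over-long bdev_name or bdev_serial is still truncated without any indication to the caller, and product_name is filled from bdev_serial, which deserves a short comment if it is intentional.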