[v1] examples/vm_power: fix strcpy buffer overrun
Checks
Commit Message
replace strcpy with rte_strlcpy to prevent buffer overrun
With fix, attempting to use a VERY lonng vm name results in a nicely
truncated 32 character name rather than a segfault:
Setting VM Name to [sdfdsfsfsdffdsdsasdsadasdakjshd]
Cc: stable@dpdk.org
Fixes: 59287933a0bb ("examples/vm_power: add options to guest app")
Signed-off-by: David Hunt <david.hunt@intel.com>
---
examples/vm_power_manager/guest_cli/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On 12-Jul-19 3:04 PM, David Hunt wrote:
> replace strcpy with rte_strlcpy to prevent buffer overrun
> With fix, attempting to use a VERY lonng vm name results in a nicely
> truncated 32 character name rather than a segfault:
> Setting VM Name to [sdfdsfsfsdffdsdsasdsadasdakjshd]
>
> Cc: stable@dpdk.org
> Fixes: 59287933a0bb ("examples/vm_power: add options to guest app")
> Signed-off-by: David Hunt <david.hunt@intel.com>
> ---
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
On Fri, Jul 12, 2019 at 03:04:02PM +0100, David Hunt wrote:
> replace strcpy with rte_strlcpy to prevent buffer overrun
> With fix, attempting to use a VERY lonng vm name results in a nicely
> truncated 32 character name rather than a segfault:
> Setting VM Name to [sdfdsfsfsdffdsdsasdsadasdakjshd]
>
> Cc: stable@dpdk.org
> Fixes: 59287933a0bb ("examples/vm_power: add options to guest app")
> Signed-off-by: David Hunt <david.hunt@intel.com>
> ---
> examples/vm_power_manager/guest_cli/main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/examples/vm_power_manager/guest_cli/main.c b/examples/vm_power_manager/guest_cli/main.c
> index 36365b124..a18eb214a 100644
> --- a/examples/vm_power_manager/guest_cli/main.c
> +++ b/examples/vm_power_manager/guest_cli/main.c
> @@ -65,7 +65,7 @@ parse_args(int argc, char **argv)
> switch (opt) {
> /* portmask */
> case 'n':
> - strcpy(policy->vm_name, optarg);
> + rte_strlcpy(policy->vm_name, optarg, VM_MAX_NAME_SZ);
> printf("Setting VM Name to [%s]\n", policy->vm_name);
> break;
> case 'b':
> --
You can just use "strlcpy" without the "rte_" prefix. The rte_ version is
just a fallback used when a standard strlcpy - either natively or from
libbsd - is unavailable.
12/07/2019 16:47, Bruce Richardson:
> On Fri, Jul 12, 2019 at 03:04:02PM +0100, David Hunt wrote:
> > replace strcpy with rte_strlcpy to prevent buffer overrun
> > With fix, attempting to use a VERY lonng vm name results in a nicely
> > truncated 32 character name rather than a segfault:
> > Setting VM Name to [sdfdsfsfsdffdsdsasdsadasdakjshd]
> >
> > Cc: stable@dpdk.org
> > Fixes: 59287933a0bb ("examples/vm_power: add options to guest app")
> > Signed-off-by: David Hunt <david.hunt@intel.com>
It should be in this order:
Fixes: 59287933a0bb ("examples/vm_power: add options to guest app")
Cc: stable@dpdk.org
Signed-off-by: David Hunt <david.hunt@intel.com>
When in doubt about formatting, please check the git history.
You will find that the recent title prefix in use was "examples/power".
> > --- a/examples/vm_power_manager/guest_cli/main.c
> > +++ b/examples/vm_power_manager/guest_cli/main.c
> > - strcpy(policy->vm_name, optarg);
> > + rte_strlcpy(policy->vm_name, optarg, VM_MAX_NAME_SZ);
>
> You can just use "strlcpy" without the "rte_" prefix. The rte_ version is
> just a fallback used when a standard strlcpy - either natively or from
> libbsd - is unavailable.
Please replace the 2 other occurences of rte_strlcpy in this example
(can be in the same patch with a small comment in the commit log).
@@ -65,7 +65,7 @@ parse_args(int argc, char **argv)
switch (opt) {
/* portmask */
case 'n':
- strcpy(policy->vm_name, optarg);
+ rte_strlcpy(policy->vm_name, optarg, VM_MAX_NAME_SZ);
printf("Setting VM Name to [%s]\n", policy->vm_name);
break;
case 'b':