From patchwork Wed Aug  2 21:21:01 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tyler Retzlaff <roretzla@linux.microsoft.com>
X-Patchwork-Id: 129837
X-Patchwork-Delegate: david.marchand@redhat.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0169642FBA;
	Wed,  2 Aug 2023 23:21:04 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 911F24021E;
	Wed,  2 Aug 2023 23:21:04 +0200 (CEST)
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mails.dpdk.org (Postfix) with ESMTP id 43F504021D
 for <dev@dpdk.org>; Wed,  2 Aug 2023 23:21:03 +0200 (CEST)
Received: by linux.microsoft.com (Postfix, from userid 1086)
 id 66337238C43E; Wed,  2 Aug 2023 14:21:02 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 66337238C43E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
 s=default; t=1691011262;
 bh=JbOlZTToF9r5waPzPkJq+8aIkRkmx8D5MpVtvZQGpVM=;
 h=From:To:Cc:Subject:Date:From;
 b=dXFXvsrDb5TG+GmS7mMD+MhgQyOoj4n47Ivxg16zChj2a5Tr0iG4Wfq8oajapHvoQ
 q2yKWzfgVI1CMDDXQ1wJBBXcyZ9Pcvpegj8c4oi2WHR2d/xjCnc0pPwzQaxjAz+yI7
 G92wCsCQRnbxfy+Uwt7A1NUhUmp96BYLj80u4qgs=
From: Tyler Retzlaff <roretzla@linux.microsoft.com>
To: dev@dpdk.org
Cc: Ciara Power <ciara.power@intel.com>, bruce.richardson@intel.com,
 Tyler Retzlaff <roretzla@linux.microsoft.com>
Subject: [PATCH] telemetry: avoid truncation of strlcpy return before check
Date: Wed,  2 Aug 2023 14:21:01 -0700
Message-Id: <1691011261-5666-1-git-send-email-roretzla@linux.microsoft.com>
X-Mailer: git-send-email 1.8.3.1
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

strlcpy returns type size_t when directly assigning to
struct rte_tel_data data_len field it may be truncated leading to
compromised length check that follows

Since the limit in the check is < UINT_MAX the value returned is
safe to be cast to unsigned int (which may be narrower than size_t)
but only after being checked against RTE_TEL_MAX_SINGLE_STRING_LEN

Signed-off-by: Tyler Retzlaff <roretzla@linux.microsoft.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
---
 lib/telemetry/telemetry_data.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/telemetry/telemetry_data.c b/lib/telemetry/telemetry_data.c
index 3b1a240..52307cb 100644
--- a/lib/telemetry/telemetry_data.c
+++ b/lib/telemetry/telemetry_data.c
@@ -41,12 +41,13 @@
 int
 rte_tel_data_string(struct rte_tel_data *d, const char *str)
 {
+	const size_t len = strlcpy(d->data.str, str, sizeof(d->data.str));
 	d->type = TEL_STRING;
-	d->data_len = strlcpy(d->data.str, str, sizeof(d->data.str));
-	if (d->data_len >= RTE_TEL_MAX_SINGLE_STRING_LEN) {
+	if (len >= RTE_TEL_MAX_SINGLE_STRING_LEN) {
 		d->data_len = RTE_TEL_MAX_SINGLE_STRING_LEN - 1;
 		return E2BIG; /* not necessarily and error, just truncation */
 	}
+	d->data_len = (unsigned int)len;
 	return 0;
 }