[dpdk-dev] examples/vhost_scsi: fix buffer not terminated

Message ID	20170922130819.5948-1-michalx.k.jastrzebski@intel.com (mailing list archive)
State	Rejected, archived
Headers	From: Michal Jastrzebski <michalx.k.jastrzebski@intel.com> To: yliu@fridaylinux.org, maxime.coquelin@redhat.com Cc: dev@dpdk.org, deepak.k.jain@intel.com, Jacek Piasecki <jacekx.piasecki@intel.com>, changpeng.liu@intel.com, stable@dpdk.org Date: Fri, 22 Sep 2017 15:08:19 +0200 Message-Id: <20170922130819.5948-1-michalx.k.jastrzebski@intel.com> Subject: [dpdk-dev] [PATCH] examples/vhost_scsi: fix buffer not terminated Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>

Message ID

20170922130819.5948-1-michalx.k.jastrzebski@intel.com (mailing list archive)

State

Rejected, archived

Headers

From: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>
To: yliu@fridaylinux.org,
	maxime.coquelin@redhat.com
Cc: dev@dpdk.org, deepak.k.jain@intel.com,
	Jacek Piasecki <jacekx.piasecki@intel.com>, changpeng.liu@intel.com, 
	stable@dpdk.org
Date: Fri, 22 Sep 2017 15:08:19 +0200
Message-Id: <20170922130819.5948-1-michalx.k.jastrzebski@intel.com>
Subject: [dpdk-dev] [PATCH] examples/vhost_scsi: fix buffer not terminated
Precedence: list
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK

Commit Message

Michal Jastrzebski Sept. 22, 2017, 1:08 p.m. UTC

  From: Jacek Piasecki <jacekx.piasecki@intel.com>

Fix size of buffer in strcpy. There was possible to get
not terminated string after copy operation.

Coverity issue: 158631
Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
Cc: changpeng.liu@intel.com
Cc: stable@dpdk.org

Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
---
 examples/vhost_scsi/scsi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Michal Jastrzebski Sept. 22, 2017, 1:23 p.m. UTC | #1

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Michal Jastrzebski
> Sent: Friday, September 22, 2017 3:08 PM
> To: yliu@fridaylinux.org; maxime.coquelin@redhat.com
> Cc: dev@dpdk.org; Jain, Deepak K <deepak.k.jain@intel.com>; Piasecki,
> JacekX <jacekx.piasecki@intel.com>; Liu, Changpeng
> <changpeng.liu@intel.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] examples/vhost_scsi: fix buffer not terminated
> 
> From: Jacek Piasecki <jacekx.piasecki@intel.com>
> 
> Fix size of buffer in strcpy. There was possible to get
> not terminated string after copy operation.
> 
> Coverity issue: 158631
> Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
> Cc: changpeng.liu@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> ---
>  examples/vhost_scsi/scsi.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
> index 54d3104..de9639a 100644
> --- a/examples/vhost_scsi/scsi.c
> +++ b/examples/vhost_scsi/scsi.c
> @@ -307,7 +307,8 @@
>  		strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
> 
>  		/* PRODUCT IDENTIFICATION */
> -		strncpy((char *)inqdata->product_id, bdev->product_name,
> 16);
> +		strncpy((char *)inqdata->product_id, bdev->product_name,
> +				ARRAY_SIZE(inqdata->product_id) - 1);
> 
>  		/* PRODUCT REVISION LEVEL */
>  		strncpy((char *)inqdata->product_rev, "0001", 4);
> --
> 1.9.1

I am sorry, please ignore this mail - sent two times.

diff mbox

Patch

diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
index 54d3104..de9639a 100644
--- a/examples/vhost_scsi/scsi.c
+++ b/examples/vhost_scsi/scsi.c
@@ -307,7 +307,8 @@ 
 		strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
 
 		/* PRODUCT IDENTIFICATION */
-		strncpy((char *)inqdata->product_id, bdev->product_name, 16);
+		strncpy((char *)inqdata->product_id, bdev->product_name,
+				ARRAY_SIZE(inqdata->product_id) - 1);
 
 		/* PRODUCT REVISION LEVEL */
 		strncpy((char *)inqdata->product_rev, "0001", 4);