[dpdk-dev] examples/vhost_scsi: fix buffer not terminated
Checks
Commit Message
From: Jacek Piasecki <jacekx.piasecki@intel.com>
Fix size of buffer in strcpy. There was possible to get
not terminated string after copy operation.
Coverity issue: 158631
Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
Cc: changpeng.liu@intel.com
Cc: stable@dpdk.org
Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
---
examples/vhost_scsi/scsi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Michal Jastrzebski
> Sent: Friday, September 22, 2017 3:08 PM
> To: yliu@fridaylinux.org; maxime.coquelin@redhat.com
> Cc: dev@dpdk.org; Jain, Deepak K <deepak.k.jain@intel.com>; Piasecki,
> JacekX <jacekx.piasecki@intel.com>; Liu, Changpeng
> <changpeng.liu@intel.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH] examples/vhost_scsi: fix buffer not terminated
>
> From: Jacek Piasecki <jacekx.piasecki@intel.com>
>
> Fix size of buffer in strcpy. There was possible to get
> not terminated string after copy operation.
>
> Coverity issue: 158631
> Fixes: db75c7af19bb ("examples/vhost_scsi: introduce a new sample app")
> Cc: changpeng.liu@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Jacek Piasecki <jacekx.piasecki@intel.com>
> ---
> examples/vhost_scsi/scsi.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/examples/vhost_scsi/scsi.c b/examples/vhost_scsi/scsi.c
> index 54d3104..de9639a 100644
> --- a/examples/vhost_scsi/scsi.c
> +++ b/examples/vhost_scsi/scsi.c
> @@ -307,7 +307,8 @@
> strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
>
> /* PRODUCT IDENTIFICATION */
> - strncpy((char *)inqdata->product_id, bdev->product_name,
> 16);
> + strncpy((char *)inqdata->product_id, bdev->product_name,
> + ARRAY_SIZE(inqdata->product_id) - 1);
>
> /* PRODUCT REVISION LEVEL */
> strncpy((char *)inqdata->product_rev, "0001", 4);
> --
> 1.9.1
I am sorry, please ignore this mail - sent two times.
@@ -307,7 +307,8 @@
strncpy((char *)inqdata->t10_vendor_id, "INTEL", 8);
/* PRODUCT IDENTIFICATION */
- strncpy((char *)inqdata->product_id, bdev->product_name, 16);
+ strncpy((char *)inqdata->product_id, bdev->product_name,
+ ARRAY_SIZE(inqdata->product_id) - 1);
/* PRODUCT REVISION LEVEL */
strncpy((char *)inqdata->product_rev, "0001", 4);