From mboxrd@z Thu Jan  1 00:00:00 1970
From: Thomas Monjalon <thomas@monjalon.net>
Subject: Re: [PATCH 2/2] examples/vhost_scsi: fix potential
	buffer overrun with safe copy API
Date: Tue, 22 May 2018 19:47:39 +0200
Message-ID: <3339436.bIZ7ygsVkQ@xps>
References: <1526599932-13083-1-git-send-email-changpeng.liu@intel.com>
 <1526599932-13083-2-git-send-email-changpeng.liu@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
Cc: dev@dpdk.org
To: Changpeng Liu <changpeng.liu@intel.com>
Return-path: <dev-bounces@dpdk.org>
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com
 [66.111.4.27]) by dpdk.org (Postfix) with ESMTP id 2B9F311D4
 for <dev@dpdk.org>; Tue, 22 May 2018 19:47:41 +0200 (CEST)
In-Reply-To: <1526599932-13083-2-git-send-email-changpeng.liu@intel.com>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

18/05/2018 01:32, Changpeng Liu:
> Signed-off-by: Changpeng Liu <changpeng.liu@intel.com>

Missing explanations.

> -			strlcpy((char *)vpage->params, bdev->name,
> -					sizeof(vpage->params));
> +			vhost_strcpy_pad((char *)vpage->params, bdev->name,
> +					sizeof(vpage->params), ' ');

Why do you think vhost_strcpy_pad is safer than strlcpy?

> -	strncpy(bdev->name, bdev_name, sizeof(bdev->name));
> -	strncpy(bdev->product_name, bdev_serial, sizeof(bdev->product_name));
> +	snprintf(bdev->name, sizeof(bdev->name), "%s", bdev_name);
> +	snprintf(bdev->product_name, sizeof(bdev->product_name),
> +		"%s", bdev_serial);

You should use strlcpy.