From: Olivier Matz
Subject: Re: [PATCH v1 1/1] cmdline: add any multi string mode to token string
Date: Mon, 4 Apr 2016 10:00:46 +0200
Message-ID: <57021F2E.8070306@6wind.com>
References: <1459510581-31392-1-git-send-email-piotrx.t.azarewicz@intel.com>
In-Reply-To: <1459510581-31392-1-git-send-email-piotrx.t.azarewicz@intel.com>
To: Piotr Azarewicz
Cc: dev@dpdk.org
List-Id: patches and discussions about DPDK

Hi Piotr,

This is globally ok for me. Please see a comment below.

On 04/01/2016 01:36 PM, Piotr Azarewicz wrote:
> @@ -162,12 +174,15 @@ cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res, > } > > if (res) { > - /* we are sure that token_len is < STR_TOKEN_SIZE-1 */ > - snprintf(res, STR_TOKEN_SIZE, "%s", buf); > - *((char *)res + token_len) = 0; > + if ((sd->str != NULL) && (strcmp(sd->str, TOKEN_STRING_MULTI) == 0)) > + snprintf(res, token_len + 1, "%s", buf); > + else { > + /* we are sure that token_len is < STR_TOKEN_SIZE-1 */ > + snprintf(res, STR_TOKEN_SIZE, "%s", buf); > + *((char *)res + token_len) = 0; > + } > } >

Using token_len + 1 as the buffer size in the snprintf looks a bit
dangerous, as it won't protect from overflows. See the following example:

  struct cmd_foo_result {
  	cmdline_fixed_string_t args;
  	cmdline_fixed_string_t foo;
  };

  static void cmd_foo_parsed(void *parsed_result,
  		__rte_unused struct cmdline *cl,
  		__rte_unused void *data)
  {
  	struct cmd_foo_result *res = parsed_result;

  	printf("foo=%s, args=%s\n", res->foo, res->args);
  }

  cmdline_parse_token_string_t cmd_foo_foo =
  	TOKEN_STRING_INITIALIZER(struct cmd_foo_result, foo, "foo");
  cmdline_parse_token_string_t cmd_foo_args =
  	TOKEN_STRING_INITIALIZER(struct cmd_foo_result, args,
  		TOKEN_STRING_MULTI);

  cmdline_parse_inst_t cmd_foo = {
  	.f = cmd_foo_parsed, /* function to call */
  	.data = NULL, /* 2nd arg of func */
  	.help_str = "test",
  	.tokens = { /* token list, NULL terminated */
  		(void *)&cmd_foo_foo,
  		(void *)&cmd_foo_args,
  		NULL,
  	},
  };

The result will be:

  # ok
  RTE>>foo xxx
  foo=foo, args=xxx

  # not ok, args overflows in foo
  RTE>>foo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  foo=xxxxxxxxxxxxxxxxxxxxxxx, args=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

That's why snprintf() should still use STR_TOKEN_SIZE.

Regards,
Olivier
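
Review bot: In the new TOKEN_STRING_MULTI branch, snprintf(res, token_len + 1, "%s", buf) takes its size limit from the length of the input token rather than from the size of the buffer behind res, so nothing in this hunk keeps a long token from being written past the destination. The else branch keeps the STR_TOKEN_SIZE bound together with the comment that token_len is < STR_TOKEN_SIZE-1; the multi branch has no equivalent guarantee visible here. Suggest bounding the copy by the destination size (STR_TOKEN_SIZE, as the reply recommends) or rejecting the token when token_len does not fit, and documenting which field size a result struct must provide for a TOKEN_STRING_MULTI token. Minor style point: the if arm is unbraced while the else arm is braced; brace both.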
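
The bound Olivier asks for, as an added sketch that is not code from the patch, the mail or DPDK: the copy is limited by the destination size, never by token_len. All demo_* names and the value 128 are assumptions made for this example, and rejecting an oversized token (instead of truncating it) is a choice of the sketch.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_STR_TOKEN_SIZE 128 /* assumed size for this sketch */
typedef char demo_fixed_string_t[DEMO_STR_TOKEN_SIZE];

/* Same layout idea as cmd_foo_result in the mail: args sits right before foo. */
struct demo_result {
	demo_fixed_string_t args;
	demo_fixed_string_t foo;
};

/* Copy token_len bytes of buf into dst; the bound is dst_size, never token_len.
 * Returns 0 on success, -1 when the token does not fit (dst is left empty). */
static int demo_copy_token(char *dst, size_t dst_size, const char *buf, size_t token_len)
{
	if (dst == NULL || buf == NULL || dst_size == 0)
		return -1;
	if (token_len >= dst_size) {
		dst[0] = '\0';
		return -1;
	}
	memcpy(dst, buf, token_len);
	dst[token_len] = '\0';
	return 0;
}

/* Parse a constructed argument of input_len 'x' characters into res.args.
 * Returns 0 if stored, -1 if rejected, 1 if the neighbouring foo field changed. */
static int demo_run(size_t input_len)
{
	struct demo_result res;
	char input[512];
	if (input_len >= sizeof(input))
		return -1;
	memset(input, 'x', input_len);
	input[input_len] = '\0';
	snprintf(res.foo, sizeof(res.foo), "%s", "foo");
	int rc = demo_copy_token(res.args, sizeof(res.args), input, input_len);
	if (strcmp(res.foo, "foo") != 0)
		return 1;
	return rc;
}

int main(void)
{
	printf("len 3 -> %d, len 150 -> %d\n", demo_run(3), demo_run(150));
	return 0;
}
```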