From mboxrd@z Thu Jan  1 00:00:00 1970
From: Reshma Pattan <reshma.pattan@intel.com>
Subject: [PATCH 2/3] pdump: fix string overflow
Date: Tue, 21 Jun 2016 16:18:04 +0100
Message-ID: <1466522285-15023-3-git-send-email-reshma.pattan@intel.com>
References: <1466522285-15023-1-git-send-email-reshma.pattan@intel.com>
Cc: Reshma Pattan <reshma.pattan@intel.com>
To: dev@dpdk.org
Return-path: <dev-bounces@dpdk.org>
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 by dpdk.org (Postfix) with ESMTP id 7ECEAC33A
 for <dev@dpdk.org>; Tue, 21 Jun 2016 17:18:21 +0200 (CEST)
In-Reply-To: <1466522285-15023-1-git-send-email-reshma.pattan@intel.com>
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

using source length in strncpy can cause destination
overflow if destination length is not big enough to
handle the source string. Changes are made to use destination
size instead of source length in strncpy.

Cverity issue 127350: string overflow

Fixes: 278f945402c5 ("pdump: add new library for packet capture")

Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
---
 lib/librte_pdump/rte_pdump.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/librte_pdump/rte_pdump.c b/lib/librte_pdump/rte_pdump.c
index dbc6816..05513d6 100644
--- a/lib/librte_pdump/rte_pdump.c
+++ b/lib/librte_pdump/rte_pdump.c
@@ -460,8 +460,7 @@ pdump_get_socket_path(char *buffer, int bufsz, enum rte_pdump_socktype type)
 					SOCKET_PATH_HOME, __func__, __LINE__);
 				return -1;
 			}
-		}
-		else
+		} else
 			dir = SOCKET_PATH_VAR_RUN;
 	}
 
@@ -800,13 +799,15 @@ pdump_prepare_client_request(char *device, uint16_t queue,
 	req.flags = flags;
 	req.op =  operation;
 	if ((operation & ENABLE) != 0) {
-		strncpy(req.data.en_v1.device, device, strlen(device));
+		strncpy(req.data.en_v1.device, device,
+			sizeof(req.data.en_v1.device)-1);
 		req.data.en_v1.queue = queue;
 		req.data.en_v1.ring = ring;
 		req.data.en_v1.mp = mp;
 		req.data.en_v1.filter = filter;
 	} else {
-		strncpy(req.data.dis_v1.device, device, strlen(device));
+		strncpy(req.data.dis_v1.device, device,
+			sizeof(req.data.dis_v1.device)-1);
 		req.data.dis_v1.queue = queue;
 		req.data.dis_v1.ring = NULL;
 		req.data.dis_v1.mp = NULL;
-- 
2.5.0