From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=zrba=VN=dpdk.org=dev-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.7 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 96BF3C76188
	for <dpdk-dev@archiver.kernel.org>; Tue, 16 Jul 2019 11:19:10 +0000 (UTC)
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by mail.kernel.org (Postfix) with ESMTP id 325232145D
	for <dpdk-dev@archiver.kernel.org>; Tue, 16 Jul 2019 11:19:10 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 325232145D
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dev-bounces@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 118F62BC7;
	Tue, 16 Jul 2019 13:19:09 +0200 (CEST)
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by dpdk.org (Postfix) with ESMTP id 141221B53;
 Tue, 16 Jul 2019 13:19:06 +0200 (CEST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 16 Jul 2019 04:19:05 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,498,1557212400"; d="scan'208";a="161394540"
Received: from silpixa00399952.ir.intel.com (HELO
 silpixa00399952.ger.corp.intel.com) ([10.237.222.88])
 by orsmga008.jf.intel.com with ESMTP; 16 Jul 2019 04:19:04 -0700
From: David Hunt <david.hunt@intel.com>
To: dev@dpdk.org
Cc: david.hunt@intel.com,
	stable@dpdk.org
Date: Tue, 16 Jul 2019 12:19:00 +0100
Message-Id: <20190716111900.33553-1-david.hunt@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190716082405.22394-1-david.hunt@intel.com>
References: <20190716082405.22394-1-david.hunt@intel.com>
Subject: [dpdk-dev] [PATCH v3] examples/vm_power: fix strcpy buffer overrun
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

replace strcpy with strlcpy to prevent buffer overrun
With fix, attempting to use a VERY lonng vm name results in a nicely
truncated 32 character name rather than a segfault:
Setting VM Name to [sdfdsfsfsdffdsdsasdsadasdakjshd]

Using strlcpy rather than rte_strlcpy, as the rte_ version is only a
fallback.

As well as the fix in main.c, this patch also changes an occurrence of
rte_strlcpy in channel_manager.c and channel_monitor.c to strlcpy.

Fixes: 59287933a0bb ("examples/vm_power: add options to guest app")
Cc: stable@dpdk.org
Signed-off-by: David Hunt <david.hunt@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 examples/vm_power_manager/channel_manager.c | 2 +-
 examples/vm_power_manager/channel_monitor.c | 2 +-
 examples/vm_power_manager/guest_cli/main.c  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/examples/vm_power_manager/channel_manager.c b/examples/vm_power_manager/channel_manager.c
index 2c1332257..4db225755 100644
--- a/examples/vm_power_manager/channel_manager.c
+++ b/examples/vm_power_manager/channel_manager.c
@@ -588,7 +588,7 @@ add_host_channels(void)
 			goto error;
 		}
 		chan_infos[i] = chan_info;
-		rte_strlcpy(chan_info->channel_path, socket_path,
+		strlcpy(chan_info->channel_path, socket_path,
 				sizeof(chan_info->channel_path));
 
 		if (setup_host_channel_info(&chan_info, i) < 0) {
diff --git a/examples/vm_power_manager/channel_monitor.c b/examples/vm_power_manager/channel_monitor.c
index 9d7474da0..496772f8a 100644
--- a/examples/vm_power_manager/channel_monitor.c
+++ b/examples/vm_power_manager/channel_monitor.c
@@ -309,7 +309,7 @@ parse_json_to_pkt(json_t *element, struct channel_packet *pkt,
 				vm_name);
 			return -1;
 		}
-		rte_strlcpy(pkt->vm_name, vm_name, VM_MAX_NAME_SZ);
+		strlcpy(pkt->vm_name, vm_name, VM_MAX_NAME_SZ);
 		pkt->resource_id = resource_id;
 	}
 	return 0;
diff --git a/examples/vm_power_manager/guest_cli/main.c b/examples/vm_power_manager/guest_cli/main.c
index 36365b124..2094145eb 100644
--- a/examples/vm_power_manager/guest_cli/main.c
+++ b/examples/vm_power_manager/guest_cli/main.c
@@ -65,7 +65,7 @@ parse_args(int argc, char **argv)
 		switch (opt) {
 		/* portmask */
 		case 'n':
-			strcpy(policy->vm_name, optarg);
+			strlcpy(policy->vm_name, optarg, VM_MAX_NAME_SZ);
 			printf("Setting VM Name to [%s]\n", policy->vm_name);
 			break;
 		case 'b':
-- 
2.17.1