[PATCH] net/octeontx: fix buffer overflow in device name formatting

[PATCH] net/octeontx: fix buffer overflow in device name formatting

[Sergei Iashin]

Replace sprintf with snprintf when formatting into the fixed-size
octtx_name buffer in octeontx_create and octeontx_remove. The device
name can be up to 63 bytes (RTE_DEV_NAME_MAX_LEN) while the buffer
is only 32 bytes (OCTEONTX_MAX_NAME_LEN), which may cause a stack
buffer overflow with a long user-provided --vdev name.

Fixes: f18b146c498d ("net/octeontx: create ethdev ports")
Cc: stable@dpdk.org

Signed-off-by: Sergei Iashin <yashin.sergey@gmail.com>
---
 drivers/net/octeontx/octeontx_ethdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/octeontx/octeontx_ethdev.c b/drivers/net/octeontx/octeontx_ethdev.c
index 21e3e56901..e4dca30d9d 100644
--- a/drivers/net/octeontx/octeontx_ethdev.c
+++ b/drivers/net/octeontx/octeontx_ethdev.c
@@ -1555,7 +1555,7 @@ octeontx_create(struct rte_vdev_device *dev, int port, uint8_t evdev,
 
 	PMD_INIT_FUNC_TRACE();
 
-	sprintf(octtx_name, "%s_%d", name, port);
+	snprintf(octtx_name, sizeof(octtx_name), "%s_%d", name, port);
 	if (rte_eal_process_type() != RTE_PROC_PRIMARY) {
 		eth_dev = rte_eth_dev_attach_secondary(octtx_name);
 		if (eth_dev == NULL)
@@ -1711,7 +1711,7 @@ octeontx_remove(struct rte_vdev_device *dev)
 		return -EINVAL;
 
 	for (i = 0; i < OCTEONTX_VDEV_DEFAULT_MAX_NR_PORT; i++) {
-		sprintf(octtx_name, "eth_octeontx_%d", i);
+		snprintf(octtx_name, sizeof(octtx_name), "eth_octeontx_%d", i);
 
 		eth_dev = rte_eth_dev_allocated(octtx_name);
 		if (eth_dev == NULL)
-- 
2.39.5