From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ferruh Yigit Subject: Re: [PATCH 3/3] app/pdump: fix string overflow Date: Tue, 21 Jun 2016 18:21:13 +0100 Message-ID: <57697789.6050500@intel.com> References: <1466522285-15023-1-git-send-email-reshma.pattan@intel.com> <1466522285-15023-4-git-send-email-reshma.pattan@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable To: Reshma Pattan , dev@dpdk.org Return-path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 2E111C408 for ; Tue, 21 Jun 2016 19:21:16 +0200 (CEST) In-Reply-To: <1466522285-15023-4-git-send-email-reshma.pattan@intel.com> List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 6/21/2016 4:18 PM, Reshma Pattan wrote: > using source length in strncpy can cause destination > overflow if destination length is not big enough to > handle the source string. Changes are made to use destination > size instead of source length in strncpy. >=20 > Coverity issue 127351: string overflow >=20 > Fixes: caa7028276b8 ("app/pdump: add tool for packet capturing") >=20 > Signed-off-by: Reshma Pattan > --- > app/pdump/main.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/app/pdump/main.c b/app/pdump/main.c > index f8923b9..af92ef3 100644 > --- a/app/pdump/main.c > +++ b/app/pdump/main.c > @@ -217,12 +217,12 @@ parse_rxtxdev(const char *key, const char *value,= void *extra_args) > struct pdump_tuples *pt =3D extra_args; > =20 > if (!strcmp(key, PDUMP_RX_DEV_ARG)) { > - strncpy(pt->rx_dev, value, strlen(value)); > + strncpy(pt->rx_dev, value, sizeof(pt->rx_dev)-1); I guess size-1 is to give room for terminating null byte, but for this case is it guarantied that pt->rx_dev last byte is NULL?