From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ferruh Yigit Subject: Re: [PATCH v2] lib/cfgfile: replace strcat with strlcat Date: Wed, 27 Mar 2019 11:37:50 +0000 Message-ID: References: <1550136631-32415-1-git-send-email-tallurix.chaitanya.babu@intel.com> <1552049150-5046-1-git-send-email-tallurix.chaitanya.babu@intel.com> <20190308140205.GA689548@bricha3-MOBL.ger.corp.intel.com> <2c2ea69f-38f3-677d-b4a6-996f1668dd44@intel.com> <761FB0F2AB727F4FA9CE98D18810B0151B1F18AA@BGSMSX103.gar.corp.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: "dev@dpdk.org" , "Pattan, Reshma" , "Parthasarathy, JananeeX M" , "Dumitrescu, Cristian" , "stable@dpdk.org" To: "Chaitanya Babu, TalluriX" , "Richardson, Bruce" Return-path: In-Reply-To: <761FB0F2AB727F4FA9CE98D18810B0151B1F18AA@BGSMSX103.gar.corp.intel.com> Content-Language: en-US List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 3/26/2019 10:04 AM, Chaitanya Babu, TalluriX wrote: > Hi > >> -----Original Message----- >> From: Yigit, Ferruh >> Sent: Friday, March 8, 2019 11:01 PM >> To: Richardson, Bruce ; Chaitanya Babu, TalluriX >> >> Cc: dev@dpdk.org; Pattan, Reshma ; >> Parthasarathy, JananeeX M ; >> Dumitrescu, Cristian ; stable@dpdk.org >> Subject: Re: [PATCH v2] lib/cfgfile: replace strcat with strlcat >> >> On 3/8/2019 2:02 PM, Bruce Richardson wrote: >>> On Fri, Mar 08, 2019 at 12:45:50PM +0000, Chaitanya Babu Talluri wrote: >>>> Replace strcat with strlcat to avoid buffer overflow. >>>> >>>> Fixes: a6a47ac9c2 ("cfgfile: rework load function") >>>> Cc: stable@dpdk.org >>>> >>>> Signed-off-by: Chaitanya Babu Talluri >>>> >>>> --- >>>> v2: Instead of strcat, used strlcat. >>>> --- >>>> lib/librte_cfgfile/rte_cfgfile.c | 4 +++- >>>> 1 file changed, 3 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/lib/librte_cfgfile/rte_cfgfile.c >>>> b/lib/librte_cfgfile/rte_cfgfile.c >>>> index 7d8c941ea..3296bb6f8 100644 >>>> --- a/lib/librte_cfgfile/rte_cfgfile.c >>>> +++ b/lib/librte_cfgfile/rte_cfgfile.c >>>> @@ -8,6 +8,7 @@ >>>> #include >>>> #include >>>> #include >>>> +#include >>>> >>>> #include "rte_cfgfile.h" >>>> >>>> @@ -224,10 +225,11 @@ rte_cfgfile_load_with_params(const char >> *filename, int flags, >>>> _strip(split[1], strlen(split[1])); >>>> char *end = memchr(split[1], '\\', strlen(split[1])); >>>> >>>> + size_t split_len = strlen(split[1]) + 1; >>>> while (end != NULL) { >>>> if (*(end+1) == params->comment_character) >> { >>>> *end = '\0'; >>>> - strcat(split[1], end+1); >>>> + strlcat(split[1], end+1, split_len); >>> >>> I don't think this will do what you want. Remember that strlcat takes >>> the total length of the buffer, which means that if split_len is set >>> to the current length (as you do before the while statement), then >>> passing that as the length parameter will cause strlcat to do nothing, >>> since it sees the buffer as already full. >> >> The logic doesn't lengthen the 'split[1]' content, indeed it reduces the initial >> size although it uses string concatenation, that is why it should be OK to use >> 'split_len' here. >> >> What code does is, it finds specific char in 'split' buffer and removes it by >> shifting remaining chars one byte to the left. So it shouldn't pass the initial size >> of the buffer. >> >> There is a overlapping strings concern, which 'strcat' & 'strlcat' don't support, >> but I guess it is OK here since we are sure that strings are separated by a >> NULL, so where a char read and written should be different although overall >> dst and src buffers overlap. > > Yes, although the same string is manipulated the split string (*end = '\0') is separated with NULL. > Strlcat works fine here and expected concatenation is happening. > If there are no further comments request for ACK please. Acked-by: Ferruh Yigit