On 2/27/2019 6:02 AM, Chaitanya Babu Talluri wrote:
> Strcat does not check the destination length and there might be
> chances of string overflow so instead of strcat, strlcat is used.
>
> Fixes: 540a211084 ("bnx2x: driver core")
> Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
> Fixes: ef28aa96e5 ("net/nfp: support multiprocess")
> Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.b...@intel.com>
> ---
> v3: Instead of strncat, used strlcat.
> v2: Instead of strncat, used snprintf.
> ---
> drivers/net/bnx2x/bnx2x.c | 6 ++++--
> drivers/net/i40e/i40e_ethdev.c | 6 ++++--
> drivers/net/nfp/nfpcore/nfp_cpp_pcie_ops.c | 10 ++++++----
> test/test/test_cryptodev.c | 5 ++++-
> 4 files changed, 18 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/net/bnx2x/bnx2x.c b/drivers/net/bnx2x/bnx2x.c
> index 4c775c163..e418fd7d1 100644
> --- a/drivers/net/bnx2x/bnx2x.c
> +++ b/drivers/net/bnx2x/bnx2x.c
> @@ -11734,13 +11734,15 @@ static const char *get_bnx2x_flags(uint32_t flags)
>
> for (i = 0; i < 5; i++)
> if (flags & (1 << i)) {
> - strcat(flag_str, flag[i]);
> + strlcat(flag_str, flag[i],
> + BNX2X_INFO_STR_MAX - strlen(flag_str) - 1);
Hi Chaitanya,
I am not sure if this is correct usage of `strlcat`, can you please check its
man page [1], my concern is specially following part:
"... Unlike those functions, strlcpy() and strlcat() take the full size of the
buffer (not just the length) and ... "
[1]
https://linux.die.net/man/3/strlcat
