On 1/30/2020 9:04 PM, Ori Kam wrote:
> When working with testpmd and setting the dynflag name, we copy the
> name given by the cmd to the dynflag name.
>
> The issue is that the size of the dynflag name is smaller then the
> string used by testpmd.
>
> This commit solves this issue by checking that the length of the requested
> flag name is not too long.
>
> Coverity issue: 353610
>
> Fixes: b57b66a97ebf ("app/testpmd: support mbuf dynamic flag")
>
> Signed-off-by: Ori Kam <or...@mellanox.com>
> ---
> V3:
> * Fix style issue.
>
> V2:
> * change to check the requested flag name.
> ---
> app/test-pmd/cmdline.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
> index dab22bc..7ccc778 100644
> --- a/app/test-pmd/cmdline.c
> +++ b/app/test-pmd/cmdline.c
> @@ -18865,6 +18865,10 @@ struct cmd_config_tx_dynf_specific_result {
>
> if (port_id_is_invalid(res->port_id, ENABLED_WARN))
> return;
> + if (strlen(res->name) > sizeof(desc_flag.name)) {
Shouldn't it be ">=" since 'strlen' doesn't count terminating char.
It would be safer to use 'strnlen'.
> + printf("Flag name too long\n");
> + return;
> + }
> flag = rte_mbuf_dynflag_lookup(res->name, NULL);
> if (flag <= 0) {
> strcpy(desc_flag.name, res->name);
And it would be nice to use 'strlcpy' here, to be sure target string will be
null terminated.
