If 1024 bytes were received over the socket, this caused
buffer_recvf[bytes] to overrun the array. The size of the buffer - 1 is
now passed to the read function.
Coverity issue: 358442
Fixes: b80fe1805eee ("telemetry: introduce backward compatibility")
Cc: ciara.po...@intel.com
Signed-off-by: Ciara Power <ciara.po...@intel.com>
---
lib/librte_telemetry/telemetry_legacy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/librte_telemetry/telemetry_legacy.c
b/lib/librte_telemetry/telemetry_legacy.c
index 2de9021349..a341fe4ebd 100644
--- a/lib/librte_telemetry/telemetry_legacy.c
+++ b/lib/librte_telemetry/telemetry_legacy.c
@@ -217,7 +217,7 @@ legacy_client_handler(void *sock_id)
int ret;
char buffer_recv[BUF_SIZE];
/* receive data is not null terminated */
- int bytes = read(s, buffer_recv, sizeof(buffer_recv));
+ int bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
while (bytes > 0) {
buffer_recv[bytes] = 0;
@@ -234,7 +234,7 @@ legacy_client_handler(void *sock_id)
if (ret < 0)
printf("\nCould not send error response\n");
}
- bytes = read(s, buffer_recv, sizeof(buffer_recv));
+ bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
}
close(s);
return NULL;
--
2.17.1
