在 2023/8/3 5:21, Tyler Retzlaff 写道:
strlcpy returns type size_t when directly assigning to
struct rte_tel_data data_len field it may be truncated leading to
compromised length check that follows
Since the limit in the check is < UINT_MAX the value returned is
safe to be cast to unsigned int (which may be narrower than size_t)
but only after being checked against RTE_TEL_MAX_SINGLE_STRING_LEN
Signed-off-by: Tyler Retzlaff <roret...@linux.microsoft.com>
---
lib/telemetry/telemetry_data.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/telemetry/telemetry_data.c b/lib/telemetry/telemetry_data.c
index 3b1a240..52307cb 100644
--- a/lib/telemetry/telemetry_data.c
+++ b/lib/telemetry/telemetry_data.c
@@ -41,12 +41,13 @@
int
rte_tel_data_string(struct rte_tel_data *d, const char *str)
{
+ const size_t len = strlcpy(d->data.str, str, sizeof(d->data.str));
sizeof(d->data.str) is equal to RTE_TEL_MAX_SINGLE_STRING_LEN(8192).
So It seems that this truncation probably will not happen.
d->type = TEL_STRING;
- d->data_len = strlcpy(d->data.str, str, sizeof(d->data.str));
- if (d->data_len >= RTE_TEL_MAX_SINGLE_STRING_LEN) {
+ if (len >= RTE_TEL_MAX_SINGLE_STRING_LEN) {
d->data_len = RTE_TEL_MAX_SINGLE_STRING_LEN - 1;
return E2BIG; /* not necessarily and error, just truncation */
}
+ d->data_len = (unsigned int)len;
return 0;
}
