On Tue, 11 Feb 2025 17:54:26 +0000
Bruce Richardson <bruce.richard...@intel.com> wrote:

> On Tue, Feb 11, 2025 at 09:48:32AM -0800, Stephen Hemminger wrote:
> > On Thu, 6 Feb 2025 02:08:36 +0200
> > Shani Peretz <shper...@nvidia.com> wrote:
> >   
> > >  static int
> > > -cdx_parse(const char *name, void *addr)
> > > +cdx_parse(const char *name, void *addr, int *size)
> > >  {
> > > - const char **out = addr;
> > >   int ret;
> > >  
> > >   ret = strncmp(name, CDX_DEV_PREFIX, strlen(CDX_DEV_PREFIX));
> > >  
> > > - if (ret == 0 && addr)
> > > -         *out = name;
> > > + if (ret != 0)
> > > +         return ret;
> > > +
> > > + if (size != NULL)
> > > +         *size = strlen(name) + 1;
> > > +
> > > + if (addr != NULL)
> > > +         rte_strscpy(addr, name, strlen(name) + 1);  
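Review bot: The bound passed to rte_strscpy() in the last added line is strlen(name) + 1, which is the length of the source, so the copy is not limited by the capacity of the buffer behind addr. size is only written and never read, so the caller has no way to state that capacity; consider making size an in/out parameter (capacity in, required length out) and using the incoming value as the bound. In addition, *size is an int while strlen() returns size_t, and the return value of rte_strscpy() is dropped, so a truncated copy would go unreported.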
> > 
> > Why use rte_strscpy() here?
> > 
> > The intention of strscpy() is to handle case where the resulting
> > buffer is limited in size. By using the input string length you aren't
> > really doing anything different than strcpy(). Still unsafe if output
> > (addr) is not big enough.
> 
> And using strlcpy is probably fine too, without having to use dpdk-specific
> string functions.
> 
> /Bruce

The issue is that any length argument needs to come from caller based on the
size of the target buffer. Not from length of source string.

If you want to make parse code string safe, then either size needs to be always
present and an in/out parameter, or you need to have a src_size and resulting
size as separate params.
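An added illustration of the in/out `size` contract described in the reply above; it is not part of the thread or of DPDK. `example_parse`, `EXAMPLE_DEV_PREFIX` and the device name are hypothetical, and this sketch rejects a too-small buffer instead of truncating.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Placeholder prefix for this example; the thread does not show the real value. */
#define EXAMPLE_DEV_PREFIX "cdx:"

/*
 * Hypothetical parse helper where `size` is mandatory and in/out:
 *   in:  capacity in bytes of the buffer at `addr` (ignored if addr is NULL)
 *   out: bytes needed to hold `name`, including the terminating NUL
 * Returns 0 on success, -EINVAL for bad arguments or a non-matching name,
 * -ENOSPC if the caller's buffer is too small (nothing is written then).
 */
static int
example_parse(const char *name, char *addr, size_t *size)
{
	size_t cap, need;

	if (name == NULL || size == NULL)
		return -EINVAL;
	if (strncmp(name, EXAMPLE_DEV_PREFIX, strlen(EXAMPLE_DEV_PREFIX)) != 0)
		return -EINVAL;

	cap = *size;               /* what the caller says the target can hold */
	need = strlen(name) + 1;
	*size = need;              /* always report the required size */

	if (addr == NULL)
		return 0;              /* size query only */
	if (need > cap)
		return -ENOSPC;        /* bound is the destination, not the source */

	memcpy(addr, name, need);
	return 0;
}

int main(void)
{
	char small[4], big[32];
	size_t sz = sizeof(small);
	int rc = example_parse("cdx:00:01", small, &sz); /* constructed name */

	printf("small: rc=%d need=%zu\n", rc, sz);
	sz = sizeof(big);
	rc = example_parse("cdx:00:01", big, &sz);
	printf("big:   rc=%d need=%zu out=%s\n", rc, sz, rc == 0 ? big : "");
	return 0;
}
```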
