The use of strncpy is not generally recommended, so replace it in code
tokenizing the representor list. Since its use in the function is not
involving null-terminated strings (we know that copied block will
not involve a null value in it), we can replace strncpy with memcpy
rather than a string function. This keeps the original intent of the
code.
For extra safety, also add in an explicit bounds check on the length
value before doing the memcpy.
Fixes: 9a9eb104edf6 ("ethdev: parse multiple representor devargs")
Cc: [email protected]
Signed-off-by: Bruce Richardson <[email protected]>
---
lib/ethdev/ethdev_driver.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/ethdev/ethdev_driver.c b/lib/ethdev/ethdev_driver.c
index 70ddce5bfc..4043ce898f 100644
--- a/lib/ethdev/ethdev_driver.c
+++ b/lib/ethdev/ethdev_driver.c
@@ -583,10 +583,15 @@ eth_dev_tokenise_representor_list(char *p_val, struct
rte_eth_devargs *eth_devar
return devargs;
}
+ /* len - 2 strips the outer '[' and ']'; guard against underflow and
overflow */
+ if (len < 2 || (len - 2) >= BUFSIZ) {
+ RTE_ETHDEV_LOG_LINE(ERR, "Representor list too long or
malformed: %s", p_val);
+ return -EINVAL;
+ }
memset(str, 0, BUFSIZ);
memset(da_val, 0, BUFSIZ);
/* Remove the exterior [] of the consolidated list */
- strncpy(str, &p_val[1], len - 2);
+ memcpy(str, &p_val[1], len - 2);
while (1) {
if (str[i] == '\0') {
if (da_val[0] != '\0') {
--
2.53.0
