On Thu, Feb 14, 2019 at 09:30:31AM +0000, Chaitanya Babu Talluri wrote:
> Replace strcat with concatenation logic to avoid buffer overflow.
>
> Fixes: a6a47ac9c2 ("cfgfile: rework load function")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.b...@intel.com>
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c
> b/lib/librte_cfgfile/rte_cfgfile.c
> index 7d8c941ea..7616742f7 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -227,7 +227,15 @@ rte_cfgfile_load_with_params(const char *filename, int
> flags,
> while (end != NULL) {
> if (*(end+1) == params->comment_character) {
> *end = '\0';
> - strcat(split[1], end+1);
> + int index = strlen(split[1]);
> + char *temp = end+1;
> + while (*temp != '\0') {
> + split[1][index] = *temp;
> + index++;
> + temp++;
> + }
> + split[1][index] = '\0';
> +
I don't see how this change fixes the problem. From what I see, you have
just inlined the strcat function into the code above, without changing any
of the logic. To prevent buffer overflows using strcat, you need to
identify the total buffer length and use that when copying. I suggest
reworking this code to use strlcat.
/Bruce
