On 2/4/2019 7:22 AM, Pallantla Poornima wrote:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
Can you please update title to reflect what actually fixed, something like:
net/nfp: fix possible buffer overflow
>
> Fixes: 896c265ef9 ("net/nfp: use new CPP interface")
> Fixes: c4171b520b ("net/nfp: support PF multiport")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poorn...@intel.com>
> ---
> drivers/net/nfp/nfp_net.c | 20 ++++++++++++--------
> 1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c
> index a791e95e2..dd8cae135 100644
> --- a/drivers/net/nfp/nfp_net.c
> +++ b/drivers/net/nfp/nfp_net.c
> @@ -3318,9 +3318,9 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port,
> int ports,
> return -ENOMEM;
>
> if (ports > 1)
> - sprintf(port_name, "%s_port%d", dev->device.name, port);
> + snprintf(port_name, 100, "%s_port%d", dev->device.name, port);
> else
> - sprintf(port_name, "%s", dev->device.name);
> + snprintf(port_name, 100, "%s", dev->device.name);
This can be done as strlcat() but I leave this to Alejandro, unless you don't
get his feedback I think good to continue as it is.
<...>
> @@ -3530,8 +3533,9 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp
> *cpp,
>
> PMD_DRV_LOG(INFO, "Port speed: %u", nfp_eth_table->ports[0].speed);
>
> - sprintf(card_desc, "nic_%s_%dx%d.nffw", nfp_fw_model,
> - nfp_eth_table->count, nfp_eth_table->ports[0].speed / 1000);
> + snprintf(card_desc, sizeof(card_desc), "nic_%s_%dx%d.nffw",
> + nfp_fw_model, nfp_eth_table->count,
> + nfp_eth_table->ports[0].speed / 1000);
Can you please fix the indentation?
