On 07/04/16 14:23, Pablo de Lara wrote:
> When parsing crypto device type, the string was being copied
> with strcpy(), which could overflow the destination buffer
> (which is 32 byte long), so snprintf() should be used instead.
>
> This fixes coverity issue 124575:
>
> /examples/l2fwd-crypto/main.c: 1005 in l2fwd_crypto_parse_args_long_options()
> *** CID 124575: (STRING_OVERFLOW)
> 999
> 1000 /* Authentication options */
> 1001 else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
> 1002 retval = parse_auth_algo(&options->auth_xform.auth.algo,
> 1003 optarg);
> 1004 if (retval == 0)
>>>> CID 124575: (STRING_OVERFLOW)
>>>> You might overrun the 32 byte fixed-size string
>>>> "options->string_auth_algo" by copying "optarg" without checking the
>>>> length.
> 1005 strcpy(options->string_auth_algo, optarg);
> 1006 return retval;
> 1007 }
>
> Fixes: commit 49f79e86480d ("examples/l2fwd-crypto: add missing string
> initialization")
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
> ---
...
>
Acked-by: Declan Doherty <declan.doherty at intel.com>
