CID 13307 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
fixed_size_dest: You might overrun the 128 byte fixed-size string fwd_modes
by copying fwd_eng->fwd_mode_name without checking the length.
Fixes: 769ce6b17835 ("app/testpmd: list forwarding engines")
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek at intel.com>
---
app/test-pmd/config.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/test-pmd/config.c b/app/test-pmd/config.c
index b1bbec6..fff2d96 100644
--- a/app/test-pmd/config.c
+++ b/app/test-pmd/config.c
@@ -1673,8 +1673,10 @@ list_pkt_forwarding_modes(void)
if (strlen (fwd_modes) == 0) {
while ((fwd_eng = fwd_engines[i++]) != NULL) {
- strcat(fwd_modes, fwd_eng->fwd_mode_name);
- strcat(fwd_modes, separator);
+ strncat(fwd_modes, fwd_eng->fwd_mode_name,
sizeof(fwd_modes) -
+ strlen(fwd_modes) - 1);
+ strncat(fwd_modes, separator, sizeof(fwd_modes) -
strlen(fwd_modes)
+ - 1);
}
fwd_modes[strlen(fwd_modes) - strlen(separator)] = '\0';
}
--
1.7.9.5
