[PATCH v7 2/7] pcapng: use malloc instead of fixed buffer size

Fri, 13 Feb 2026 11:21:03 -0800 

The administrative APIs accept comments and other metadata as
strings. Since these strings can be arbitrarily long (up to
UINT16_MAX bytes), they may overflow the fixed-size stack buffers
previously used for block construction.

Replace the fixed-size buffers with dynamically allocated memory
sized to the actual block length. Return appropriate error codes
on allocation failure.

Bugzilla ID: 1820
Fixes: 8d23ce8f5ee9 ("pcapng: add new library for writing pcapng files")
Cc: [email protected]

Signed-off-by: Stephen Hemminger <[email protected]>
---
 lib/pcapng/rte_pcapng.c | 44 ++++++++++++++++++++++++++---------------
 lib/pcapng/rte_pcapng.h |  1 +
 2 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/lib/pcapng/rte_pcapng.c b/lib/pcapng/rte_pcapng.c
index 4ccf833777..413e6f1f4a 100644
--- a/lib/pcapng/rte_pcapng.c
+++ b/lib/pcapng/rte_pcapng.c
@@ -37,9 +37,6 @@
 /* upper bound for strings in pcapng option data */
 #define PCAPNG_STR_MAX UINT16_MAX
 
-/* upper bound for section, stats and interface blocks (in uint32_t) */
-#define PCAPNG_BLKSIZ  (2048 / sizeof(uint32_t))
-
 /* Format of the capture file handle */
 struct rte_pcapng {
        int  outfd;             /* output file */
@@ -148,8 +145,9 @@ pcapng_section_block(rte_pcapng_t *self,
 {
        struct pcapng_section_header *hdr;
        struct pcapng_option *opt;
-       uint32_t buf[PCAPNG_BLKSIZ];
+       uint32_t *buf;
        uint32_t len;
+       ssize_t ret;
 
        len = sizeof(*hdr);
        if (hw)
@@ -165,8 +163,9 @@ pcapng_section_block(rte_pcapng_t *self,
        len += pcapng_optlen(0);
        len += sizeof(uint32_t);
 
-       if (len > sizeof(buf))
-               return -1;
+       buf = malloc(len);
+       if (buf == NULL)
+               return -ENOMEM;
 
        hdr = (struct pcapng_section_header *)buf;
        *hdr = (struct pcapng_section_header) {
@@ -199,7 +198,9 @@ pcapng_section_block(rte_pcapng_t *self,
        /* clone block_length after option */
        memcpy(opt, &hdr->block_length, sizeof(uint32_t));
 
-       return write(self->outfd, buf, len);
+       ret = write(self->outfd, buf, len);
+       free(buf);
+       return ret < 0 ? -errno : 0;
 }
 
 /* Write an interface block for a DPDK port */
@@ -217,7 +218,7 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, 
uint16_t link_type,
        struct pcapng_option *opt;
        const uint8_t tsresol = 9;      /* nanosecond resolution */
        uint32_t len;
-       uint32_t buf[PCAPNG_BLKSIZ];
+       uint32_t *buf;
        char ifname_buf[IF_NAMESIZE];
        char ifhw[256];
        uint64_t speed = 0;
@@ -279,8 +280,9 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, 
uint16_t link_type,
        len += pcapng_optlen(0);
        len += sizeof(uint32_t);
 
-       if (len > sizeof(buf))
-               return -EINVAL;
+       buf = malloc(len);
+       if (buf == NULL)
+               return -ENOMEM;
 
        hdr = (struct pcapng_interface_block *)buf;
        *hdr = (struct pcapng_interface_block) {
@@ -326,7 +328,9 @@ rte_pcapng_add_interface(rte_pcapng_t *self, uint16_t port, 
uint16_t link_type,
        /* remember the file index */
        self->port_index[port] = self->ports++;
 
-       return write(self->outfd, buf, len);
+       ret = write(self->outfd, buf, len);
+       free(buf);
+       return ret;
 }
 
 /*
@@ -343,7 +347,8 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
        uint64_t start_time = self->offset_ns;
        uint64_t sample_time;
        uint32_t optlen, len;
-       uint32_t buf[PCAPNG_BLKSIZ];
+       uint32_t *buf;
+       ssize_t ret;
 
        RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
 
@@ -366,8 +371,9 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
                optlen += pcapng_optlen(0);
 
        len = sizeof(*hdr) + optlen + sizeof(uint32_t);
-       if (len > sizeof(buf))
-               return -1;
+       buf = malloc(len);
+       if (buf == NULL)
+               return -ENOMEM;
 
        hdr = (struct pcapng_statistics *)buf;
        opt = (struct pcapng_option *)(hdr + 1);
@@ -398,7 +404,9 @@ rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port_id,
        /* clone block_length after option */
        memcpy(opt, &len, sizeof(uint32_t));
 
-       return write(self->outfd, buf, len);
+       ret = write(self->outfd, buf, len);
+       free(buf);
+       return ret;
 }
 
 RTE_EXPORT_SYMBOL(rte_pcapng_mbuf_size)
@@ -712,6 +720,7 @@ rte_pcapng_fdopen(int fd,
        rte_pcapng_t *self;
        struct timespec ts;
        uint64_t cycles;
+       int ret;
 
        if ((osname && strlen(osname) > PCAPNG_STR_MAX) ||
            (hardware && strlen(hardware) > PCAPNG_STR_MAX) ||
@@ -739,8 +748,11 @@ rte_pcapng_fdopen(int fd,
        for (i = 0; i < RTE_MAX_ETHPORTS; i++)
                self->port_index[i] = UINT32_MAX;
 
-       if (pcapng_section_block(self, osname, hardware, appname, comment) < 0)
+       ret = pcapng_section_block(self, osname, hardware, appname, comment);
+       if (ret < 0) {
+               rte_errno = -ret;
                goto fail;
+       }
 
        return self;
 fail:
diff --git a/lib/pcapng/rte_pcapng.h b/lib/pcapng/rte_pcapng.h
index 2dd438842d..ff39fa7b49 100644
--- a/lib/pcapng/rte_pcapng.h
+++ b/lib/pcapng/rte_pcapng.h
@@ -200,6 +200,7 @@ rte_pcapng_write_packets(rte_pcapng_t *self,
  *   -1 on failure to write file (and errno is set)
  *   - (-ENODEV) if *port_id* is invalid.
  *   - (-EINVAL) if bad parameter
+ *   - (-ENOMEM) could not allocate memory for buffer
  */
 ssize_t
 rte_pcapng_write_stats(rte_pcapng_t *self, uint16_t port,
-- 
2.51.0

Reply via email to