On Thu, 28 May 2026 17:07:48 -0700 Stephen Hemminger <[email protected]> wrote:
> rte_eth_dev_get_name_by_port() uses strcpy() into a caller-provided > buffer with no bounds checking. A mistaken caller that supplies a > buffer smaller than RTE_ETH_NAME_MAX_LEN can overflow the buffer. > > Add a size parameter and replace strcpy() with strlcpy(), returning > -ERANGE if the name is truncated. The copy is now performed under > the ethdev shared data lock so that the name cannot be mutated by > another process between reading and copying. > > The previous ABI is preserved via symbol versioning (DPDK_26) with a > thin wrapper that delegates to the new implementation with > RTE_ETH_NAME_MAX_LEN. The versioned symbol will be removed in 26.11. > > Update all in-tree callers to pass sizeof(name) as the new parameter. > > Signed-off-by: Stephen Hemminger <[email protected]> > Reviewed-by: Andrew Rybchenko <[email protected]> > --- Since function versioning breaks LTO (see Bugzilla). Holding off on this until 26.11 where versioning not needed.
