https://bugs.linaro.org/show_bug.cgi?id=1512
Bug ID: 1512
Summary: CID 90144: STRING_OVERFLOW: odp_classifier.c
Product: OpenDataPlane
Version: 1.0.3
Hardware: Other
OS: Linux
Status: UNCONFIRMED
Severity: enhancement
Priority: ---
Component: Classification
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
*** CID 90144: (STRING_OVERFLOW)
/example/classifier/odp_classifier.c: 658 in parse_pmr_policy()
652 usage(argv[0]);
653 exit(EXIT_FAILURE);
654 }
655
656 /* Queue Name */
657 token = strtok(NULL, ":");
>>> CID 90144: (STRING_OVERFLOW)
>>> You might overrun the 32 byte fixed-size string "(stats +
>>> policy_count).queue_name" by copying "token" without checking the length.
658 strcpy(stats[policy_count].queue_name, token);
659 appl_args->policy_count++;
660 free(pmr_str);
661 return 0;
662 }
663
/example/classifier/odp_classifier.c: 634 in parse_pmr_policy()
628
629 /* PMR value */
630 switch (term) {
631 case ODP_PMR_SIP_ADDR:
632 if (stats[policy_count].match_type == ODP_PMR_MASK) {
633 token = strtok(NULL, ":");
>>> CID 90144: (STRING_OVERFLOW)
>>> You might overrun the 32 byte fixed-size string "(stats +
>>> policy_count).value1" by copying "token" without checking the length.
634 strcpy(stats[policy_count].value1, token);
635 parse_ipv4_addr(token,
&stats[policy_count].match.val);
636 token = strtok(NULL, ":");
637 strcpy(stats[policy_count].value2, token);
638 parse_ipv4_mask(token,
&stats[policy_count].match.mask);
639 stats[policy_count].val_sz = 4;
/example/classifier/odp_classifier.c: 642 in parse_pmr_policy()
636 token = strtok(NULL, ":");
637 strcpy(stats[policy_count].value2, token);
638 parse_ipv4_mask(token,
&stats[policy_count].match.mask);
639 stats[policy_count].val_sz = 4;
640 } else {
641 token = strtok(NULL, ":");
>>> CID 90144: (STRING_OVERFLOW)
>>> You might overrun the 32 byte fixed-size string "(stats +
>>> policy_count).value1" by copying "token" without checking the length.
642 strcpy(stats[policy_count].value1,
643 token);
644 parse_ipv4_addr(token,
&stats[policy_count].range.val1);
645 token = strtok(NULL, ":");
646 strcpy(stats[policy_count].value2, token);
647 parse_ipv4_addr(token,
&stats[policy_count].range.val2);
/example/classifier/odp_classifier.c: 637 in parse_pmr_policy()
631 case ODP_PMR_SIP_ADDR:
632 if (stats[policy_count].match_type == ODP_PMR_MASK) {
633 token = strtok(NULL, ":");
634 strcpy(stats[policy_count].value1, token);
635 parse_ipv4_addr(token,
&stats[policy_count].match.val);
636 token = strtok(NULL, ":");
>>> CID 90144: (STRING_OVERFLOW)
>>> You might overrun the 32 byte fixed-size string "(stats +
>>> policy_count).value2" by copying "token" without checking the length.
637 strcpy(stats[policy_count].value2, token);
638 parse_ipv4_mask(token,
&stats[policy_count].match.mask);
639 stats[policy_count].val_sz = 4;
640 } else {
641 token = strtok(NULL, ":");
642 strcpy(stats[policy_count].value1,
/example/classifier/odp_classifier.c: 646 in parse_pmr_policy()
640 } else {
641 token = strtok(NULL, ":");
642 strcpy(stats[policy_count].value1,
643 token);
644 parse_ipv4_addr(token,
&stats[policy_count].range.val1);
645 token = strtok(NULL, ":");
>>> CID 90144: (STRING_OVERFLOW)
>>> You might overrun the 32 byte fixed-size string "(stats +
>>> policy_count).value2" by copying "token" without checking the length.
646 strcpy(stats[policy_count].value2, token);
647 parse_ipv4_addr(token,
&stats[policy_count].range.val2);
648 stats[policy_count].val_sz = 4;
649 }
650 break;
651 default:
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
lng-odp mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/lng-odp
