From: Andy Green <andy@warmcat.com>
To: dev@dpdk.org
Subject: [PATCH v4 02/18] net/nfp: solve buffer overflow
Date: Fri, 11 May 2018 09:45:25 +0800 [thread overview]
Message-ID: <152600312580.53146.1090136345409468008.stgit@localhost.localdomain> (raw)
In-Reply-To: <152600304856.53146.9681482138854493833.stgit@localhost.localdomain>
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In
function ‘nfp_pf_pci_probe’:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3160:
23: error: ‘%s’ directive writing up to 99 bytes into a
region of size 76 [-Werror=format-overflow=]
sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial);
Note fw_buf still has to increase somewhat even after
restricting serial[], since otherwise:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c: In
function ‘nfp_pf_pci_probe’:
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:23:
error: ‘%s’ directive writing up to 99 bytes into a region
of size 76 [-Werror=format-overflow=]
sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
^~
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3262:32:
err = nfp_fw_upload(dev, nsp, card_desc);
~~~~~~~~~
/home/agreen/projects/dpdk/drivers/net/nfp/nfp_net.c:3176:2:
note: ‘sprintf’ output between 25 and 124 bytes into a
destination of size 100
sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
Signed-off-by: Andy Green <andy@warmcat.com>
---
drivers/net/nfp/nfp_net.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c
index 048324ec9..78113b41b 100644
--- a/drivers/net/nfp/nfp_net.c
+++ b/drivers/net/nfp/nfp_net.c
@@ -3144,8 +3144,8 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
struct nfp_cpp *cpp = nsp->cpp;
int fw_f;
char *fw_buf;
- char fw_name[100];
- char serial[100];
+ char fw_name[125];
+ char serial[40];
struct stat file_stat;
off_t fsize, bytes;
next prev parent reply other threads:[~2018-05-11 1:45 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-11 1:45 [PATCH v4 00/18] Fix default build on gcc8.0.1 Andy Green
2018-05-11 1:45 ` [PATCH v4 01/18] devtools/check-git: provide more generic grep pattern Andy Green
2018-05-11 8:11 ` De Lara Guarch, Pablo
2018-05-11 1:45 ` Andy Green [this message]
2018-05-11 8:58 ` [PATCH v4 02/18] net/nfp: solve buffer overflow De Lara Guarch, Pablo
2018-05-11 10:13 ` De Lara Guarch, Pablo
2018-05-11 1:45 ` [PATCH v4 03/18] bus/pci: replace strncpy dangerous code Andy Green
2018-05-11 8:17 ` De Lara Guarch, Pablo
2018-05-11 1:45 ` [PATCH v4 04/18] bus/dpaa: solve inconsistent struct alignment Andy Green
2018-05-11 8:26 ` De Lara Guarch, Pablo
2018-05-11 1:45 ` [PATCH v4 05/18] net/axgbe: solve broken eeprom string comp Andy Green
2018-05-11 10:09 ` De Lara Guarch, Pablo
2018-05-11 1:45 ` [PATCH v4 06/18] net/nfp/nfpcore: solve strncpy misuse Andy Green
2018-05-11 10:26 ` De Lara Guarch, Pablo
2018-05-11 1:45 ` [PATCH v4 07/18] net/nfp/nfpcore: off-by-one and no NUL on strncpy use Andy Green
2018-05-11 10:33 ` De Lara Guarch, Pablo
2018-05-12 1:17 ` Andy Green
2018-05-11 1:45 ` [PATCH v4 08/18] net/nfp: don't memcpy out of source range Andy Green
2018-05-11 10:36 ` De Lara Guarch, Pablo
2018-05-11 1:46 ` [PATCH v4 09/18] net/qede: strncpy length constant and NUL Andy Green
2018-05-11 10:43 ` De Lara Guarch, Pablo
2018-05-11 10:48 ` Andy Green
2018-05-11 12:48 ` De Lara Guarch, Pablo
2018-05-11 13:38 ` Andy Green
2018-05-11 15:14 ` De Lara Guarch, Pablo
2018-05-11 17:13 ` Shaikh, Shahed
2018-05-11 1:46 ` [PATCH v4 10/18] net/qede: solve broken strncpy Andy Green
2018-05-11 10:47 ` De Lara Guarch, Pablo
2018-05-11 1:46 ` [PATCH v4 11/18] net/sfc: correct strncpy length Andy Green
2018-05-11 8:11 ` Andrew Rybchenko
2018-05-11 10:51 ` De Lara Guarch, Pablo
2018-05-12 1:21 ` Andy Green
2018-05-11 1:46 ` [PATCH v4 12/18] net/sfc: solve strncpy size and NUL Andy Green
2018-05-11 8:13 ` Andrew Rybchenko
2018-05-11 10:55 ` De Lara Guarch, Pablo
2018-05-12 1:24 ` Andy Green
2018-05-11 1:46 ` [PATCH v4 13/18] net/vdev_netvsc: readlink inputs cannot be aliased Andy Green
2018-05-11 15:39 ` De Lara Guarch, Pablo
2018-05-11 1:46 ` [PATCH v4 14/18] net/vdev_netvsc: 3 x strncpy misuse Andy Green
2018-05-11 10:58 ` De Lara Guarch, Pablo
2018-05-11 1:46 ` [PATCH v4 15/18] app: can't find include Andy Green
2018-05-11 11:04 ` De Lara Guarch, Pablo
2018-05-11 11:12 ` Andy Green
2018-05-11 13:20 ` De Lara Guarch, Pablo
2018-05-12 0:52 ` Andy Green
2018-05-11 1:46 ` [PATCH v4 16/18] app/proc-info: sprintf overrun bug Andy Green
2018-05-11 12:26 ` De Lara Guarch, Pablo
2018-05-12 1:33 ` Andy Green
2018-05-11 1:46 ` [PATCH v4 17/18] app/test-bbdev: strcpy ok for allocated string Andy Green
2018-05-11 12:55 ` De Lara Guarch, Pablo
2018-05-11 1:46 ` [PATCH v4 18/18] " Andy Green
2018-05-11 13:02 ` De Lara Guarch, Pablo
2018-05-12 1:39 ` Andy Green
2018-05-11 11:14 ` [PATCH v4 00/18] Fix default build on gcc8.0.1 Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=152600312580.53146.1090136345409468008.stgit@localhost.localdomain \
--to=andy@warmcat.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.