On 1/14/2019 6:04 AM, Chaitanya Babu Talluri wrote:
> Strcat does not check the destination length and there might be
> chances of string overflow so insted of strcat, strncat is used.
>
> Fixes: 540a211084 ("bnx2x: driver core")
> Fixes: e163c18a15 ("net/i40e: update ptype and pctype info")
> Fixes: ef28aa96e5 ("net/nfp: support multiprocess")
> Fixes: 6f4eec2565 ("test/crypto: enhance scheduler unit tests")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.b...@intel.com>
<...>
> @@ -685,11 +687,11 @@ nfp_acquire_secondary_process_lock(struct nfp_pcie_user
> *desc)
> * driver is used because that implies root user.
> */
> home_path = getenv("HOME");
> - lockfile = calloc(strlen(home_path) + strlen(lockname) + 1,
> + lockfile = calloc(LOCKFILE_HOME_PATH + strlen(lockname) + 1,
> sizeof(char));
>
> - strcat(lockfile, home_path);
> - strcat(lockfile, "/.lock_nfp_secondary");
> + strncat(lockfile, home_path, LOCKFILE_HOME_PATH);
> + strncat(lockfile, lockname, strlen(lockfile));
I guess this need to be 'LOCKFILE_HOME_PATH - strlen(lockfile) - 1' instead.
But also this can be implemented as 'snprintf()'
Since 'lockfile' allocated dynamically based on sizes of existing strings, using
'lockname' instead of "/.lock_nfp_secondary" will show that there won't be any
overflow but tools still may be complaining about 'strcat' usage.
