On 4/19/21 4:34 PM, Min Hu (Connor) wrote: > From: HongBo Zheng <[email protected]> > > 'strcpy' is called in rte_swx_ctl_table_info_get, this function > is unsafe, use 'strncpy' instead. > > Fixes: 393b96e2aa2a ("pipeline: add SWX pipeline query API") > Cc: [email protected] > > Signed-off-by: HongBo Zheng <[email protected]> > Signed-off-by: Min Hu (Connor) <[email protected]> > --- > lib/librte_pipeline/rte_swx_pipeline.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/librte_pipeline/rte_swx_pipeline.c > b/lib/librte_pipeline/rte_swx_pipeline.c > index 4455d91..d4db4dd 100644 > --- a/lib/librte_pipeline/rte_swx_pipeline.c > +++ b/lib/librte_pipeline/rte_swx_pipeline.c > @@ -9447,8 +9447,8 @@ rte_swx_ctl_table_info_get(struct rte_swx_pipeline *p, > if (!t) > return -EINVAL; > > - strcpy(table->name, t->name); > - strcpy(table->args, t->args); > + strncpy(table->name, t->name, RTE_SWX_CTL_NAME_SIZE); > + strncpy(table->args, t->args, RTE_SWX_CTL_NAME_SIZE);
strlcpy() should be used in fact, since strncpy() has problems as well. > table->n_match_fields = t->n_fields; > table->n_actions = t->n_actions; > table->default_action_is_const = t->default_action_is_const; >
