On Wed, Aug 02, 2023 at 02:21:01PM -0700, Tyler Retzlaff wrote:
> strlcpy returns type size_t when directly assigning to
> struct rte_tel_data data_len field it may be truncated leading to
> compromised length check that follows
>
> Since the limit in the check is < UINT_MAX the value returned is
> safe to be cast to unsigned int (which may be narrower than size_t)
> but only after being checked against RTE_TEL_MAX_SINGLE_STRING_LEN
>
> Signed-off-by: Tyler Retzlaff <roret...@linux.microsoft.com>
> ---
Acked-by: Bruce Richardson <bruce.richard...@intel.com>
This probably should be marked as a fix for backport.
> lib/telemetry/telemetry_data.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/lib/telemetry/telemetry_data.c b/lib/telemetry/telemetry_data.c
> index 3b1a240..52307cb 100644
> --- a/lib/telemetry/telemetry_data.c
> +++ b/lib/telemetry/telemetry_data.c
> @@ -41,12 +41,13 @@
> int
> rte_tel_data_string(struct rte_tel_data *d, const char *str)
> {
> + const size_t len = strlcpy(d->data.str, str, sizeof(d->data.str));
> d->type = TEL_STRING;
> - d->data_len = strlcpy(d->data.str, str, sizeof(d->data.str));
> - if (d->data_len >= RTE_TEL_MAX_SINGLE_STRING_LEN) {
> + if (len >= RTE_TEL_MAX_SINGLE_STRING_LEN) {
> d->data_len = RTE_TEL_MAX_SINGLE_STRING_LEN - 1;
> return E2BIG; /* not necessarily and error, just truncation */
> }
> + d->data_len = (unsigned int)len;
> return 0;
> }
>
> --
> 1.8.3.1
>
