d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

telemetry: fix buffer overrun if max bytes read

Browse Source 
If 1024 bytes were received over the socket, this caused
buffer_recvf[bytes] to overrun the array. The size of the buffer - 1 is
now passed to the read function.

Coverity issue: 358442
Fixes: b80fe1805eee ("telemetry: introduce backward compatibility")

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Kevin Laatz <kevin.laatz@intel.com>
This commit is contained in:
Ciara Power 2020-05-12 16:29:02 +01:00 committed by Thomas Monjalon
parent 07580a734b
commit a0c21662b4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/librte_telemetry/telemetry_legacy.c
View File

@ -217,7 +217,7 @@ legacy_client_handler(void *sock_id)
int ret; int ret;
char buffer_recv[BUF_SIZE]; char buffer_recv[BUF_SIZE];
/* receive data is not null terminated */ /* receive data is not null terminated */
int bytes = read(s, buffer_recv, sizeof(buffer_recv)); int bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
while (bytes > 0) { while (bytes > 0) {
buffer_recv[bytes] = 0; buffer_recv[bytes] = 0;
@ -234,7 +234,7 @@ legacy_client_handler(void *sock_id)
if (ret < 0) if (ret < 0)
printf("\nCould not send error response\n"); printf("\nCould not send error response\n");
} }
bytes = read(s, buffer_recv, sizeof(buffer_recv)); bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
} }
close(s); close(s);
return NULL; return NULL;