telemetry: fix buffer overrun if max bytes read

If 1024 bytes were received over the socket, this caused
buffer_recvf[bytes] to overrun the array. The size of the buffer - 1 is
now passed to the read function.

Coverity issue: 358442
Fixes: b80fe1805eee ("telemetry: introduce backward compatibility")

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Kevin Laatz <kevin.laatz@intel.com>

diff --git a/lib/librte_telemetry/telemetry_legacy.c b/lib/librte_telemetry/telemetry_legacy.c
index 2de9021..a341fe4 100644 (file)
--- a/lib/librte_telemetry/telemetry_legacy.c
+++ b/lib/librte_telemetry/telemetry_legacy.c
@@ -217,7 +217,7 @@ legacy_client_handler(void *sock_id)
        int ret;
        char buffer_recv[BUF_SIZE];
        /* receive data is not null terminated */
-       int bytes = read(s, buffer_recv, sizeof(buffer_recv));
+       int bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
 
        while (bytes > 0) {
                buffer_recv[bytes] = 0;
@@ -234,7 +234,7 @@ legacy_client_handler(void *sock_id)
                        if (ret < 0)
                                printf("\nCould not send error response\n");
                }
-               bytes = read(s, buffer_recv, sizeof(buffer_recv));
+               bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
        }
        close(s);
        return NULL;