From: Ciara Power <ciara.power@intel.com>
Date: Tue, 12 May 2020 15:29:02 +0000 (+0100)
Subject: telemetry: fix buffer overrun if max bytes read
X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=a0c21662b4ee323966693093b0f704fa797e3f17;p=dpdk.git

telemetry: fix buffer overrun if max bytes read

If 1024 bytes were received over the socket, this caused
buffer_recvf[bytes] to overrun the array. The size of the buffer - 1 is
now passed to the read function.

Coverity issue: 358442
Fixes: b80fe1805eee ("telemetry: introduce backward compatibility")

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Kevin Laatz <kevin.laatz@intel.com>
---

diff --git a/lib/librte_telemetry/telemetry_legacy.c b/lib/librte_telemetry/telemetry_legacy.c
index 2de9021349..a341fe4ebd 100644
--- a/lib/librte_telemetry/telemetry_legacy.c
+++ b/lib/librte_telemetry/telemetry_legacy.c
@@ -217,7 +217,7 @@ legacy_client_handler(void *sock_id)
 	int ret;
 	char buffer_recv[BUF_SIZE];
 	/* receive data is not null terminated */
-	int bytes = read(s, buffer_recv, sizeof(buffer_recv));
+	int bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
 
 	while (bytes > 0) {
 		buffer_recv[bytes] = 0;
@@ -234,7 +234,7 @@ legacy_client_handler(void *sock_id)
 			if (ret < 0)
 				printf("\nCould not send error response\n");
 		}
-		bytes = read(s, buffer_recv, sizeof(buffer_recv));
+		bytes = read(s, buffer_recv, sizeof(buffer_recv) - 1);
 	}
 	close(s);
 	return NULL;