From: Pallantla Poornima Date: Mon, 7 Jan 2019 10:46:23 +0000 (+0000) Subject: drivers: fix sprintf with snprintf X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=a1e8241a919f7239d16e63fbc41549b2c951e1ae;p=dpdk.git drivers: fix sprintf with snprintf sprintf function is not secure as it doesn't check the length of string. More secure function snprintf is used Fixes: 828d51d8fc ("bus/fslmc: refactor scan and probe functions") Fixes: c22fab9a6c ("raw/dpaa2_qdma: support configuration APIs") Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations") Fixes: b23d4e898a ("crypto/dpaa2_sec: add per dev mempool to store FLE") Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver") Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations") Fixes: f44bccadd8 ("crypto/caam_jr: add device basic operations") Fixes: 7e3e2954e0 ("crypto/dpaa_sec: move mempool allocation to config") Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform") Cc: stable@dpdk.org Signed-off-by: Pallantla Poornima Acked-by: Akhil Goyal --- diff --git a/drivers/bus/fslmc/fslmc_bus.c b/drivers/bus/fslmc/fslmc_bus.c index fa15053774..44c0827ced 100644 --- a/drivers/bus/fslmc/fslmc_bus.c +++ b/drivers/bus/fslmc/fslmc_bus.c @@ -297,8 +297,8 @@ rte_fslmc_scan(void) goto scan_fail; /* Scan devices on the group */ - sprintf(fslmc_dirpath, "%s/%d/devices", VFIO_IOMMU_GROUP_PATH, - groupid); + snprintf(fslmc_dirpath, sizeof(fslmc_dirpath), "%s/%d/devices", + VFIO_IOMMU_GROUP_PATH, groupid); dir = opendir(fslmc_dirpath); if (!dir) { DPAA2_BUS_ERR("Unable to open VFIO group directory"); diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index 45b2813317..0263170fd7 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -2011,7 +2011,7 @@ caam_jr_dev_configure(struct rte_cryptodev *dev, PMD_INIT_FUNC_TRACE(); internals = dev->data->dev_private; - sprintf(str, "ctx_pool_%d", dev->data->dev_id); + snprintf(str, sizeof(str), "ctx_pool_%d", dev->data->dev_id); if (!internals->ctx_pool) { internals->ctx_pool = rte_mempool_create((const char *)str, CTX_POOL_NUM_BUFS, diff --git a/drivers/crypto/caam_jr/caam_jr_uio.c b/drivers/crypto/caam_jr/caam_jr_uio.c index d94101c2ff..bf872a220a 100644 --- a/drivers/crypto/caam_jr/caam_jr_uio.c +++ b/drivers/crypto/caam_jr/caam_jr_uio.c @@ -284,11 +284,11 @@ uio_map_registers(int uio_device_fd, int uio_device_id, memset(uio_map_size_str, 0, sizeof(uio_map_size_str)); /* Compose string: /sys/class/uio/uioX */ - sprintf(uio_sys_root, "%s/%s%d", SEC_UIO_DEVICE_SYS_ATTR_PATH, - "uio", uio_device_id); + snprintf(uio_sys_root, sizeof(uio_sys_root), "%s/%s%d", + SEC_UIO_DEVICE_SYS_ATTR_PATH, "uio", uio_device_id); /* Compose string: maps/mapY */ - sprintf(uio_sys_map_subdir, "%s%d", SEC_UIO_DEVICE_SYS_MAP_ATTR, - uio_map_id); + snprintf(uio_sys_map_subdir, sizeof(uio_sys_map_subdir), "%s%d", + SEC_UIO_DEVICE_SYS_MAP_ATTR, uio_map_id); /* Read first (and only) line from file * /sys/class/uio/uioX/maps/mapY/size @@ -389,9 +389,8 @@ uio_job_ring *config_job_ring(void) /* Find UIO device created by SEC kernel driver for this job ring. */ memset(uio_device_file_name, 0, sizeof(uio_device_file_name)); - - sprintf(uio_device_file_name, "%s%d", SEC_UIO_DEVICE_FILE_NAME, - job_ring->uio_minor_number); + snprintf(uio_device_file_name, sizeof(uio_device_file_name), "%s%d", + SEC_UIO_DEVICE_FILE_NAME, job_ring->uio_minor_number); /* Open device file */ job_ring->uio_fd = open(uio_device_file_name, O_RDWR); diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index ef6e9c151e..c2c22515db 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -3371,14 +3371,15 @@ dpaa2_sec_dev_init(struct rte_cryptodev *cryptodev) retcode); goto init_error; } - sprintf(cryptodev->data->name, "dpsec-%u", hw_id); + snprintf(cryptodev->data->name, sizeof(cryptodev->data->name), + "dpsec-%u", hw_id); internals->max_nb_queue_pairs = attr.num_tx_queues; cryptodev->data->nb_queue_pairs = internals->max_nb_queue_pairs; internals->hw = dpseci; internals->token = token; - sprintf(str, "fle_pool_%d", cryptodev->data->dev_id); + snprintf(str, sizeof(str), "fle_pool_%d", cryptodev->data->dev_id); internals->fle_pool = rte_mempool_create((const char *)str, FLE_POOL_NUM_BUFS, FLE_POOL_BUF_SIZE, @@ -3409,7 +3410,8 @@ cryptodev_dpaa2_sec_probe(struct rte_dpaa2_driver *dpaa2_drv __rte_unused, int retval; - sprintf(cryptodev_name, "dpsec-%d", dpaa2_dev->object_id); + snprintf(cryptodev_name, sizeof(cryptodev_name), "dpsec-%d", + dpaa2_dev->object_id); cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id()); if (cryptodev == NULL) diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 5caceef3f1..39533a9cc0 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -2469,7 +2469,7 @@ dpaa_sec_dev_configure(struct rte_cryptodev *dev, PMD_INIT_FUNC_TRACE(); internals = dev->data->dev_private; - sprintf(str, "ctx_pool_%d", dev->data->dev_id); + snprintf(str, sizeof(str), "ctx_pool_%d", dev->data->dev_id); if (!internals->ctx_pool) { internals->ctx_pool = rte_mempool_create((const char *)str, CTX_POOL_NUM_BUFS, @@ -2675,7 +2675,8 @@ cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused, int retval; - sprintf(cryptodev_name, "dpaa_sec-%d", dpaa_dev->id.dev_id); + snprintf(cryptodev_name, sizeof(cryptodev_name), "dpaa_sec-%d", + dpaa_dev->id.dev_id); cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id()); if (cryptodev == NULL) diff --git a/drivers/raw/dpaa2_qdma/dpaa2_qdma.c b/drivers/raw/dpaa2_qdma/dpaa2_qdma.c index f474442d4a..60621eb85d 100644 --- a/drivers/raw/dpaa2_qdma/dpaa2_qdma.c +++ b/drivers/raw/dpaa2_qdma/dpaa2_qdma.c @@ -313,7 +313,7 @@ rte_qdma_vq_create(uint32_t lcore_id, uint32_t flags) qdma_vqs[i].exclusive_hw_queue = 1; } else { /* Allocate a Ring for Virutal Queue in VQ mode */ - sprintf(ring_name, "status ring %d", i); + snprintf(ring_name, sizeof(ring_name), "status ring %d", i); qdma_vqs[i].status_ring = rte_ring_create(ring_name, qdma_dev.fle_pool_count, rte_socket_id(), 0); if (!qdma_vqs[i].status_ring) {