From 99218e76fec87681053ea207ae2ae2253827c56a Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Thu, 7 Apr 2016 14:23:09 +0100 Subject: [PATCH] examples/l2fwd-crypto: fix string overflow When parsing crypto device type, the string was being copied with strcpy(), which could overflow the destination buffer (which is 32 byte long), so snprintf() should be used instead. This fixes coverity issue 124575: /examples/l2fwd-crypto/main.c: 1005 in l2fwd_crypto_parse_args_long_options() >>> CID 124575: (STRING_OVERFLOW) >>> You might overrun the 32 byte fixed-size string "options->string_auth_algo" by copying "optarg" without checking the length. 1005 strcpy(options->string_auth_algo, optarg); Fixes: 49f79e86480d ("examples/l2fwd-crypto: add missing string initialization") Signed-off-by: Pablo de Lara Acked-by: Declan Doherty --- examples/l2fwd-crypto/main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index 182dc56ab5..d4e2d8de0e 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -1012,7 +1012,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options, if (strcmp(lgopts[option_index].name, "cdev_type") == 0) { retval = parse_cryptodev_type(&options->type, optarg); if (retval == 0) - strcpy(options->string_type, optarg); + snprintf(options->string_type, MAX_STR_LEN, + "%s", optarg); return retval; } -- 2.20.1