From fef6b216390f33c066ea15e9de7845dfc3ab6d6a Mon Sep 17 00:00:00 2001
From: Pallantla Poornima <pallantlax.poornima@intel.com>
Date: Mon, 4 Feb 2019 07:23:48 +0000
Subject: [PATCH] net/softnic: fix possible buffer overflow

sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.

Fixes: daabf2fb949b ("net/softnic: map flow action to table action")
Cc: stable@dpdk.org

Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
---
 drivers/net/softnic/rte_eth_softnic_flow.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/softnic/rte_eth_softnic_flow.c b/drivers/net/softnic/rte_eth_softnic_flow.c
index 21e7530014..aefc384dc2 100644
--- a/drivers/net/softnic/rte_eth_softnic_flow.c
+++ b/drivers/net/softnic/rte_eth_softnic_flow.c
@@ -1283,7 +1283,8 @@ flow_rule_action_get(struct pmd_internals *softnic,
 					action,
 					"QUEUE: Invalid RX queue ID");
 
-			sprintf(name, "RXQ%u", (uint32_t)conf->index);
+			snprintf(name, sizeof(name), "RXQ%u",
+					(uint32_t)conf->index);
 
 			status = softnic_pipeline_port_out_find(softnic,
 				pipeline->name,
@@ -1373,7 +1374,7 @@ flow_rule_action_get(struct pmd_internals *softnic,
 						action,
 						"RSS: Invalid RX queue ID");
 
-				sprintf(name, "RXQ%u",
+				snprintf(name, sizeof(name), "RXQ%u",
 					(uint32_t)conf->queue[i]);
 
 				status = softnic_pipeline_port_out_find(softnic,
-- 
2.20.1