Commit e6774495 authored May 22, 2023 by Marcin Spiewak Committed by Tomasz Zawadzki May 22, 2023

nvme_tcp: psk_cpy might not be NULL-terminated



Fixed issue found by Klocwork scan.
psk_cpy might not be NULL-terminanted, if length of
psk_in is SPDK_TLS_PSK_MAX_LEN. Then after copy:
   memcpy(psk_cpy, psk_in, strlen(psk_in));
the psk_cpy buffer might be filled up to the last
character, not leaving space for NULL terminating
the string.

Change-Id: Ie09163af9890fee2de774a2b3e12aa8226c52e91
Signed-off-by: Marcin Spiewak <marcin.spiewak@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/18255


Reviewed-by: Tomasz Zawadzki <tomasz.zawadzki@intel.com>
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Konrad Sztyber <konrad.sztyber@intel.com>
Reviewed-by: Krzysztof Karas <krzysztof.karas@intel.com>

parent 2d355b3a

include/spdk_internal/nvme_tcp.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -820,7 +820,7 @@ nvme_tcp_parse_interchange_psk(const char psk_in, uint8_t psk_out, size_t psk_
		return -EINVAL;
		}

		if (strlen(psk_in) > SPDK_TLS_PSK_MAX_LEN) {
		if (strlen(psk_in) >= SPDK_TLS_PSK_MAX_LEN) {
		SPDK_ERRLOG("PSK interchange exceeds maximum %d characters!\n", SPDK_TLS_PSK_MAX_LEN);
		return -EINVAL;
		}