From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f45.google.com (mail-wm0-f45.google.com [74.125.82.45]) by dpdk.org (Postfix) with ESMTP id DDD4799A6 for ; Mon, 31 Jul 2017 12:29:18 +0200 (CEST) Received: by mail-wm0-f45.google.com with SMTP id m85so165819183wma.1 for ; Mon, 31 Jul 2017 03:29:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=I9lcGc2lxBkNn5W9MUcN6p+G9BhOgH7KJ1oNySR+Uy0=; b=eTa97B0wQX+b+4tePf+QbpFYGgyb+5qWf6hU5dyBPak0uapYbLOTZTJHpkaFTWPa8t R9JrEEFdaHi9M069rgGq9y0u7gy03nEqBppZZqDHw89m4hDsTzzYccRQ0Tj1c2zPJ4V5 L/4tgr7sFLQTJKMCNYXVLq0Rgab6WPoahrLuh0fc9G8q9DwoXjuh+ZVCVWbYde1NaptI UDRhCMPvHajmiH5VtfM9zY4/njpFXSACVoGOSjkrs1O2XIaADARYsfIKNRleNinEBFbR vc9Kpph2tkHml4AiSme2WBF5xs8u3s2yPzrzLm2n9gPLHGsyBSAguCvJbOeLvvFt4HPS 3jGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=I9lcGc2lxBkNn5W9MUcN6p+G9BhOgH7KJ1oNySR+Uy0=; b=b5wH0OpRK5xiuQWAY9VQ9SEIAK5Cnuk+AGVKS2ZEdH078wu5rDSWqis7OZoblbnd+Q 3KHvskTJ1gD6BOA6DTrosR2SCGawjpfmKjQFBUOE5NBrpomn3TiT95I+nLsG8IEyu1se K1Nsh1FP6I8DcIFaaxhG+wvqtwrElUfST5+SsifZfc1XjfhpjfsAAqrZ3ce6d/oY5Z3K SwhcvAZt+qcuNBVh7ftYSuFVdGydQsivt0KdRbk/VD1gs5NSbXHXC3UepF6CpBS7S7nR ps9iK94elFd0Gy4H4F3EMzqNj9QAvFZgO+mre+lesZRdEAyXnQjf1Gtla5ZN8ls5XYG0 QL3w== X-Gm-Message-State: AIVw111NfOfZS7kjwQwCp2nPl75T/NLkHd7qaPIXig+yggWiJJXhrhb6 txLOst40V7jBJZv3Rbc= X-Received: by 10.28.11.131 with SMTP id 125mr2650533wml.82.1501496958040; Mon, 31 Jul 2017 03:29:18 -0700 (PDT) Received: from bidouze.dev.6wind.com (host.78.145.23.62.rev.coltfrance.com. [62.23.145.78]) by smtp.gmail.com with ESMTPSA id w71sm9687528wmd.6.2017.07.31.03.29.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 31 Jul 2017 03:29:17 -0700 (PDT) From: Gaetan Rivet To: dev@dpdk.org Cc: Gaetan Rivet , Ferruh Yigit Date: Mon, 31 Jul 2017 12:29:02 +0200 Message-Id: <1757afd2673591a59ebd69cef7b569d344f20e7c.1501496827.git.gaetan.rivet@6wind.com> X-Mailer: git-send-email 2.1.4 Subject: [dpdk-dev] [PATCH] ethdev: fix invalid length write on dev detach X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2017 10:29:19 -0000 The name of a device is copied in a provided buffer within rte_eth_dev_detach(). The current sizeof is done on a pointer instead of the intended array usually pointed to. The name field of an rte_device is not assured however to point an rte_devargs name field. The almost correct length to base this copy over is thus RTE_DEV_NAME_MAX_LEN. Almost correct, because unfortunately this function does not allow the user to pass down a size parameter for the buffer it is meant to write. This API should be fixed, it is broken by design. Fixes: a1e7c17555e8 ("ethdev: use device name from device structure") Cc: Ferruh Yigit Signed-off-by: Gaetan Rivet --- lib/librte_ether/rte_ethdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.c index 805ef63..0597641 100644 --- a/lib/librte_ether/rte_ethdev.c +++ b/lib/librte_ether/rte_ethdev.c @@ -436,8 +436,8 @@ rte_eth_dev_detach(uint8_t port_id, char *name) if (rte_eth_dev_is_detachable(port_id)) goto err; - snprintf(name, sizeof(rte_eth_devices[port_id].device->name), - "%s", rte_eth_devices[port_id].device->name); + snprintf(name, RTE_DEV_NAME_MAX_LEN, "%s", + rte_eth_devices[port_id].device->name); ret = rte_eal_dev_detach(rte_eth_devices[port_id].device); if (ret < 0) -- 2.1.4