DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Huang, ZhiminX" <zhiminx.huang@intel.com>
To: Olivier Matz <olivier.matz@6wind.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token	on FreeBSD
Date: Thu, 30 Apr 2020 09:41:51 +0000	[thread overview]
Message-ID: <1DCDE90B92229844B9E6C0E67C1C8D6B046A1754@CDSMSX102.ccr.corp.intel.com> (raw)
In-Reply-To: <20200429131700.25294-1-olivier.matz@6wind.com>

Tested-by: Huang, ZhiminX <zhiminx.huang@intel.com>

Regards,
HuangZhiMin


-----Original Message-----
From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Olivier Matz
Sent: Wednesday, April 29, 2020 9:17 PM
To: dev@dpdk.org
Cc: stable@dpdk.org
Subject: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD

The behavior of strtok_r() is not the same between GNU libc and FreeBSD
libc: in the first case, the context is set to "" when the last token is returned, while in the second case it is set to NULL.

On FreeBSD, the current code crashes because we are dereferencing a NULL pointer (ctx1). Fix it by first checking if it is NULL. This works with both GNU and FreeBSD libc.

Fixes: ffcf831454a9 ("kvargs: fix buffer overflow when parsing list")
Cc: stable@dpdk.org

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
---
 lib/librte_kvargs/rte_kvargs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_kvargs/rte_kvargs.c b/lib/librte_kvargs/rte_kvargs.c index 1d815dcd9..285081c86 100644
--- a/lib/librte_kvargs/rte_kvargs.c
+++ b/lib/librte_kvargs/rte_kvargs.c
@@ -50,7 +50,7 @@ rte_kvargs_tokenize(struct rte_kvargs *kvlist, const char *params)
 			/* Find the end of the list. */
 			while (str[strlen(str) - 1] != ']') {
 				/* Restore the comma erased by strtok_r(). */
-				if (ctx1[0] == '\0')
+				if (ctx1 == NULL || ctx1[0] == '\0')
 					return -1; /* no closing bracket */
 				str[strlen(str)] = ',';
 				/* Parse until next comma. */
--
2.25.1


  reply	other threads:[~2020-04-30  9:42 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-29 13:17 Olivier Matz
2020-04-30  9:41 ` Huang, ZhiminX [this message]
2020-05-06 13:22 ` [dpdk-dev] [dpdk-stable] " David Marchand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1DCDE90B92229844B9E6C0E67C1C8D6B046A1754@CDSMSX102.ccr.corp.intel.com \
    --to=zhiminx.huang@intel.com \
    --cc=dev@dpdk.org \
    --cc=olivier.matz@6wind.com \
    --cc=stable@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).