From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id ECA79A00BE;
	Wed, 29 Apr 2020 15:17:10 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 48F2C1DACF;
	Wed, 29 Apr 2020 15:17:10 +0200 (CEST)
Received: from proxy.6wind.com (host.76.145.23.62.rev.coltfrance.com
 [62.23.145.76]) by dpdk.org (Postfix) with ESMTP id A205D1DAB6;
 Wed, 29 Apr 2020 15:17:09 +0200 (CEST)
Received: from glumotte.dev.6wind.com. (unknown [10.16.0.195])
 by proxy.6wind.com (Postfix) with ESMTP id 5A0473E7C76;
 Wed, 29 Apr 2020 15:17:09 +0200 (CEST)
From: Olivier Matz <olivier.matz@6wind.com>
To: dev@dpdk.org
Cc: stable@dpdk.org
Date: Wed, 29 Apr 2020 15:17:00 +0200
Message-Id: <20200429131700.25294-1-olivier.matz@6wind.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token
	on FreeBSD
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

The behavior of strtok_r() is not the same between GNU libc and FreeBSD
libc: in the first case, the context is set to "" when the last token is
returned, while in the second case it is set to NULL.

On FreeBSD, the current code crashes because we are dereferencing a NULL
pointer (ctx1). Fix it by first checking if it is NULL. This works with
both GNU and FreeBSD libc.

Fixes: ffcf831454a9 ("kvargs: fix buffer overflow when parsing list")
Cc: stable@dpdk.org

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
---
 lib/librte_kvargs/rte_kvargs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_kvargs/rte_kvargs.c b/lib/librte_kvargs/rte_kvargs.c
index 1d815dcd9..285081c86 100644
--- a/lib/librte_kvargs/rte_kvargs.c
+++ b/lib/librte_kvargs/rte_kvargs.c
@@ -50,7 +50,7 @@ rte_kvargs_tokenize(struct rte_kvargs *kvlist, const char *params)
 			/* Find the end of the list. */
 			while (str[strlen(str) - 1] != ']') {
 				/* Restore the comma erased by strtok_r(). */
-				if (ctx1[0] == '\0')
+				if (ctx1 == NULL || ctx1[0] == '\0')
 					return -1; /* no closing bracket */
 				str[strlen(str)] = ',';
 				/* Parse until next comma. */
-- 
2.25.1