[PATCH] event/octeontx: resolve possible integer overflow

[PATCH] event/octeontx: resolve possible integer overflow

[Hanumanth Pothula]

The last argument passed to ssovf_parsekv() is an
unsigned char*, but it is accessed as an integer.
This can lead to an integer overflow.

Hence, make ensure the argument is accessed as a char
and for better error handling use strtol instead of atoi.

Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
---
 drivers/event/octeontx/ssovf_evdev.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..ccb447d33a 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -719,8 +719,16 @@ ssovf_close(struct rte_eventdev *dev)
 static int
 ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
 {
-	int *flag = opaque;
-	*flag = !!atoi(value);
+	uint8_t *flag = (uint8_t *)opaque;
+	char *end;
+
+	errno = 0;
+	*flag = (uint8_t)strtol(value, &end, 2);
+	if ((errno != 0) || (value == end)) {
+		ssovf_log_err("fail to get key val ret:%d err:%d", *flag, errno);
+		return -EINVAL;
+	}
+
 	return 0;
 }
 
-- 
2.25.1

RE: [EXTERNAL] [PATCH] event/octeontx: resolve possible integer overflow

[Pavan Nikhilesh Bhagavatula]

> The last argument passed to ssovf_parsekv() is an
> unsigned char*, but it is accessed as an integer.
> This can lead to an integer overflow.
> 
> Hence, make ensure the argument is accessed as a char
> and for better error handling use strtol instead of atoi.
> 
> Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>

Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>

> ---
>  drivers/event/octeontx/ssovf_evdev.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/event/octeontx/ssovf_evdev.c
> b/drivers/event/octeontx/ssovf_evdev.c
> index 3a933b1db7..ccb447d33a 100644
> --- a/drivers/event/octeontx/ssovf_evdev.c
> +++ b/drivers/event/octeontx/ssovf_evdev.c
> @@ -719,8 +719,16 @@ ssovf_close(struct rte_eventdev *dev)
>  static int
>  ssovf_parsekv(const char *key __rte_unused, const char *value, void
> *opaque)
>  {
> -	int *flag = opaque;
> -	*flag = !!atoi(value);
> +	uint8_t *flag = (uint8_t *)opaque;
> +	char *end;
> +
> +	errno = 0;
> +	*flag = (uint8_t)strtol(value, &end, 2);
> +	if ((errno != 0) || (value == end)) {
> +		ssovf_log_err("fail to get key val ret:%d err:%d", *flag, errno);
> +		return -EINVAL;
> +	}
> +
>  	return 0;
>  }
> 
> --
> 2.25.1

Re: [PATCH] event/octeontx: resolve possible integer overflow

[Stephen Hemminger]

On Fri, 18 Oct 2024 13:29:03 +0530
Hanumanth Pothula <hpothula@marvell.com> wrote:

> The last argument passed to ssovf_parsekv() is an
> unsigned char*, but it is accessed as an integer.
> This can lead to an integer overflow.
> 
> Hence, make ensure the argument is accessed as a char
> and for better error handling use strtol instead of atoi.
> 
> Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
> ---
>  drivers/event/octeontx/ssovf_evdev.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
> index 3a933b1db7..ccb447d33a 100644
> --- a/drivers/event/octeontx/ssovf_evdev.c
> +++ b/drivers/event/octeontx/ssovf_evdev.c
> @@ -719,8 +719,16 @@ ssovf_close(struct rte_eventdev *dev)
>  static int
>  ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
>  {
> -	int *flag = opaque;
> -	*flag = !!atoi(value);
> +	uint8_t *flag = (uint8_t *)opaque;
> +	char *end;
> +
> +	errno = 0;
> +	*flag = (uint8_t)strtol(value, &end, 2);
> +	if ((errno != 0) || (value == end)) {
> +		ssovf_log_err("fail to get key val ret:%d err:%d", *flag, errno);
> +		return -EINVAL;
> +	}
> +
>  	return 0;
>  }

Cast of opaque is unnecessary in C.
Use strtoul to avoid allowing negative numbers.
Passing 2 as argument makes it assume binary so 101 is legal value and returns 5
and it is not helping.


Why not:

diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..9804f5bc59 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
 }
 
 static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
 {
-       int *flag = opaque;
-       *flag = !!atoi(value);
+       uint8_t *flag = opaque;
+       unsigned long v;
+       char *end;
+
+       errno = 0;
+       v = strtoul(value, &end, 0);
+       if (errno != 0 || end == value || *end != '\0') {
+               ssvf_log_err("invalid %s value %s", key, value);
+               return -EINVAL;
+       }
+
+       *flag = !!v;
        return 0;
 }
 

[PATCH v2 1/1] event/octeontx: resolve possible integer overflow

[Hanumanth Pothula]

The last argument passed to ssovf_parsekv() is an
unsigned char*, but it is accessed as an integer.
This can lead to an integer overflow.

Hence, make ensure the argument is accessed as a char
and for better error handling use strtol instead of atoi.

Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
---

v2: use strtoul instead of strtol
---
 drivers/event/octeontx/ssovf_evdev.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..d2ab8011e1 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
 }
 
 static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
 {
-	int *flag = opaque;
-	*flag = !!atoi(value);
+	uint8_t *flag = opaque;
+	uint64_t v;
+	char *end;
+
+	errno = 0;
+	v = (uint8_t)strtoul(value, &end, 0);
+	if ((errno != 0) || (value == end) || *end != '\0') {
+		ssovf_log_err("invalid %s value %s", key, value);
+		return -EINVAL;
+	}
+
+	*flag = !!v;
 	return 0;
 }
 
-- 
2.25.1

Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow

[Stephen Hemminger]

On Wed, 23 Oct 2024 12:45:46 +0530
Hanumanth Pothula <hpothula@marvell.com> wrote:

>  static int
> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
> +ssovf_parsekv(const char *key, const char *value, void *opaque)
>  {
> -	int *flag = opaque;
> -	*flag = !!atoi(value);
> +	uint8_t *flag = opaque;
> +	uint64_t v;
> +	char *end;
> +
> +	errno = 0;
> +	v = (uint8_t)strtoul(value, &end, 0);

Cast will cause truncation of large values.

Maybe:
	v = strtoul(value, &end, 0);
	if (errno != 0 || value == end || *end != '\0' || v > UINT8_MAX) {
...


> +	if ((errno != 0) || (value == end) || *end != '\0') {
> +		ssovf_log_err("invalid %s value %s", key, value);
> +		return -EINVAL;
> +	}
> +
> +	*flag = !!v;
>  	return 0;
>  }

RE: [EXTERNAL] Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow

[Hanumanth Reddy Pothula]

[-- Attachment #1: Type: text/plain, Size: 1729 bytes --]



From: Stephen Hemminger <stephen@networkplumber.org>
Sent: Wednesday, October 23, 2024 9:46 PM
To: Hanumanth Reddy Pothula <hpothula@marvell.com>
Cc: Jerin Jacob <jerinj@marvell.com>; dev@dpdk.org; Harman Kalra <hkalra@marvell.com>
Subject: [EXTERNAL] Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow

On Wed, 23 Oct 2024 12: 45: 46 +0530 Hanumanth Pothula <hpothula@ marvell. com> wrote: > static int > -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque) > +ssovf_parsekv(const char *key, const char *value,


On Wed, 23 Oct 2024 12:45:46 +0530

Hanumanth Pothula <hpothula@marvell.com<mailto:hpothula@marvell.com>> wrote:



>  static int

> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)

> +ssovf_parsekv(const char *key, const char *value, void *opaque)

>  {

> -         int *flag = opaque;

> -         *flag = !!atoi(value);

> +        uint8_t *flag = opaque;

> +        uint64_t v;

> +        char *end;

> +

> +        errno = 0;

> +        v = (uint8_t)strtoul(value, &end, 0);



Cast will cause truncation of large values.



Maybe:

              v = strtoul(value, &end, 0);

              if (errno != 0 || value == end || *end != '\0' || v > UINT8_MAX) {

...



Thanks for the review/comment.
Here, the value can only be ‘0’ or ‘1’, so truncation won’t be an issue.





> +        if ((errno != 0) || (value == end) || *end != '\0') {

> +                       ssovf_log_err("invalid %s value %s", key, value);

> +                       return -EINVAL;

> +        }

> +

> +        *flag = !!v;

>           return 0;

>  }

[-- Attachment #2: Type: text/html, Size: 8897 bytes --]

[PATCH v3 1/1] event/octeontx: resolve possible integer overflow

[Hanumanth Pothula]

The last argument passed to ssovf_parsekv() is an
unsigned char*, but it is accessed as an integer.
This can lead to an integer overflow.

Hence, make ensure the argument is accessed as a char
and for better error handling use strtol instead of atoi.

Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
---

v2: use strtoul instead of strtol
v3: Add value boundry check. Here, value can be either 0 or 1.
---
 drivers/event/octeontx/ssovf_evdev.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..957fcab04e 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
 }
 
 static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
 {
-	int *flag = opaque;
-	*flag = !!atoi(value);
+	uint8_t *flag = opaque;
+	uint64_t v;
+	char *end;
+
+	errno = 0;
+	v = strtoul(value, &end, 0);
+	if ((errno != 0) || (value == end) || *end != '\0' || v > 1) {
+		ssovf_log_err("invalid %s value %s", key, value);
+		return -EINVAL;
+	}
+
+	*flag = !!v;
 	return 0;
 }
 
-- 
2.25.1

RE: [PATCH v3 1/1] event/octeontx: resolve possible integer overflow

[Ali Alnubani]

> -----Original Message-----
> From: Hanumanth Pothula <hpothula@marvell.com>
> Sent: Thursday, October 24, 2024 6:55 AM
> To: Jerin Jacob <jerinj@marvell.com>
> Cc: dev@dpdk.org; hkalra@marvell.com; stephen@networkplumber.org;
> hpothula@marvell.com
> Subject: [PATCH v3 1/1] event/octeontx: resolve possible integer overflow
> 
> The last argument passed to ssovf_parsekv() is an
> unsigned char*, but it is accessed as an integer.
> This can lead to an integer overflow.
> 
> Hence, make ensure the argument is accessed as a char
> and for better error handling use strtol instead of atoi.
> 
> Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
> ---
> 
> v2: use strtoul instead of strtol
> v3: Add value boundry check. Here, value can be either 0 or 1.
> ---

Confirmed that it resolves https://bugs.dpdk.org/show_bug.cgi?id=1512.

Tested-by: Ali Alnubani <alialnu@nvidia.com>

Thanks,
Ali

Re: [PATCH v3 1/1] event/octeontx: resolve possible integer overflow

[Jerin Jacob]

On Thu, Oct 24, 2024 at 1:27 PM Ali Alnubani <alialnu@nvidia.com> wrote:
>
> > -----Original Message-----
> > From: Hanumanth Pothula <hpothula@marvell.com>
> > Sent: Thursday, October 24, 2024 6:55 AM
> > To: Jerin Jacob <jerinj@marvell.com>
> > Cc: dev@dpdk.org; hkalra@marvell.com; stephen@networkplumber.org;
> > hpothula@marvell.com
> > Subject: [PATCH v3 1/1] event/octeontx: resolve possible integer overflow
> >
> > The last argument passed to ssovf_parsekv() is an
> > unsigned char*, but it is accessed as an integer.
> > This can lead to an integer overflow.
> >
> > Hence, make ensure the argument is accessed as a char
> > and for better error handling use strtol instead of atoi.
> >

Add
Bugzilla ID: 1512

And add Fixes: tag

please start the git commit subject with event/octeontx: fix ...

Good to merge next version

> > Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
> > ---
> >
> > v2: use strtoul instead of strtol
> > v3: Add value boundry check. Here, value can be either 0 or 1.
> > ---
>
> Confirmed that it resolves https://bugs.dpdk.org/show_bug.cgi?id=1512.
>
> Tested-by: Ali Alnubani <alialnu@nvidia.com>



>
> Thanks,
> Ali

[PATCH v4 1/1] event/octeontx: fix possible integer overflow

[Hanumanth Pothula]

The last argument passed to ssovf_parsekv() is an
unsigned char*, but it is accessed as an integer.
This can lead to an integer overflow.

Hence, make ensure the argument is accessed as a char
and for better error handling use strtol instead of atoi.

Bugzilla ID: 1512
Fixes: 3516327e00fd ("event/octeontx: add selftest to device arguments")

Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
---

v2: Use strtoul instead of strtol
v3: Add value boundry check. Here, value can be either 0 or 1.
v4: Commit text update
---
 drivers/event/octeontx/ssovf_evdev.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..957fcab04e 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
 }
 
 static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
 {
-	int *flag = opaque;
-	*flag = !!atoi(value);
+	uint8_t *flag = opaque;
+	uint64_t v;
+	char *end;
+
+	errno = 0;
+	v = strtoul(value, &end, 0);
+	if ((errno != 0) || (value == end) || *end != '\0' || v > 1) {
+		ssovf_log_err("invalid %s value %s", key, value);
+		return -EINVAL;
+	}
+
+	*flag = !!v;
 	return 0;
 }
 
-- 
2.25.1

Re: [PATCH v4 1/1] event/octeontx: fix possible integer overflow

[Jerin Jacob]

[-- Attachment #1: Type: text/plain, Size: 1851 bytes --]

On Fri, Oct 25, 2024 at 4:28 PM Hanumanth Pothula <hpothula@marvell.com> wrote:
>
> The last argument passed to ssovf_parsekv() is an
> unsigned char*, but it is accessed as an integer.
> This can lead to an integer overflow.
>
> Hence, make ensure the argument is accessed as a char
> and for better error handling use strtol instead of atoi.
>
> Bugzilla ID: 1512
> Fixes: 3516327e00fd ("event/octeontx: add selftest to device arguments")
>
> Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>

Missed following tag
Tested-by: Ali Alnubani <alialnu@nvidia.com>

Applied to dpdk-next-net-mrvl/for-main. Thanks


> ---
>
> v2: Use strtoul instead of strtol
> v3: Add value boundry check. Here, value can be either 0 or 1.
> v4: Commit text update
> ---
>  drivers/event/octeontx/ssovf_evdev.c | 16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
> index 3a933b1db7..957fcab04e 100644
> --- a/drivers/event/octeontx/ssovf_evdev.c
> +++ b/drivers/event/octeontx/ssovf_evdev.c
> @@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
>  }
>
>  static int
> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
> +ssovf_parsekv(const char *key, const char *value, void *opaque)
>  {
> -       int *flag = opaque;
> -       *flag = !!atoi(value);
> +       uint8_t *flag = opaque;
> +       uint64_t v;
> +       char *end;
> +
> +       errno = 0;
> +       v = strtoul(value, &end, 0);
> +       if ((errno != 0) || (value == end) || *end != '\0' || v > 1) {
> +               ssovf_log_err("invalid %s value %s", key, value);
> +               return -EINVAL;
> +       }
> +
> +       *flag = !!v;
>         return 0;
>  }
>
> --
> 2.25.1
>

[-- Attachment #2: image.png --]
[-- Type: image/png, Size: 6473 bytes --]