* [PATCH] event/octeontx: resolve possible integer overflow
@ 2024-10-18 7:59 Hanumanth Pothula
2024-10-18 16:36 ` [EXTERNAL] " Pavan Nikhilesh Bhagavatula
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Hanumanth Pothula @ 2024-10-18 7:59 UTC (permalink / raw)
To: Jerin Jacob; +Cc: dev, hkalra, hpothula
The last argument passed to ssovf_parsekv() is an
unsigned char*, but it is accessed as an integer.
This can lead to an integer overflow.
Hence, make ensure the argument is accessed as a char
and for better error handling use strtol instead of atoi.
Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
---
drivers/event/octeontx/ssovf_evdev.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..ccb447d33a 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -719,8 +719,16 @@ ssovf_close(struct rte_eventdev *dev)
static int
ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
{
- int *flag = opaque;
- *flag = !!atoi(value);
+ uint8_t *flag = (uint8_t *)opaque;
+ char *end;
+
+ errno = 0;
+ *flag = (uint8_t)strtol(value, &end, 2);
+ if ((errno != 0) || (value == end)) {
+ ssovf_log_err("fail to get key val ret:%d err:%d", *flag, errno);
+ return -EINVAL;
+ }
+
return 0;
}
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [EXTERNAL] [PATCH] event/octeontx: resolve possible integer overflow
2024-10-18 7:59 [PATCH] event/octeontx: resolve possible integer overflow Hanumanth Pothula
@ 2024-10-18 16:36 ` Pavan Nikhilesh Bhagavatula
2024-10-18 17:35 ` Stephen Hemminger
2024-10-23 7:15 ` [PATCH v2 1/1] " Hanumanth Pothula
2 siblings, 0 replies; 6+ messages in thread
From: Pavan Nikhilesh Bhagavatula @ 2024-10-18 16:36 UTC (permalink / raw)
To: Hanumanth Reddy Pothula, Jerin Jacob
Cc: dev, Harman Kalra, Hanumanth Reddy Pothula
> The last argument passed to ssovf_parsekv() is an
> unsigned char*, but it is accessed as an integer.
> This can lead to an integer overflow.
>
> Hence, make ensure the argument is accessed as a char
> and for better error handling use strtol instead of atoi.
>
> Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
Acked-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
> ---
> drivers/event/octeontx/ssovf_evdev.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/event/octeontx/ssovf_evdev.c
> b/drivers/event/octeontx/ssovf_evdev.c
> index 3a933b1db7..ccb447d33a 100644
> --- a/drivers/event/octeontx/ssovf_evdev.c
> +++ b/drivers/event/octeontx/ssovf_evdev.c
> @@ -719,8 +719,16 @@ ssovf_close(struct rte_eventdev *dev)
> static int
> ssovf_parsekv(const char *key __rte_unused, const char *value, void
> *opaque)
> {
> - int *flag = opaque;
> - *flag = !!atoi(value);
> + uint8_t *flag = (uint8_t *)opaque;
> + char *end;
> +
> + errno = 0;
> + *flag = (uint8_t)strtol(value, &end, 2);
> + if ((errno != 0) || (value == end)) {
> + ssovf_log_err("fail to get key val ret:%d err:%d", *flag, errno);
> + return -EINVAL;
> + }
> +
> return 0;
> }
>
> --
> 2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] event/octeontx: resolve possible integer overflow
2024-10-18 7:59 [PATCH] event/octeontx: resolve possible integer overflow Hanumanth Pothula
2024-10-18 16:36 ` [EXTERNAL] " Pavan Nikhilesh Bhagavatula
@ 2024-10-18 17:35 ` Stephen Hemminger
2024-10-23 7:15 ` [PATCH v2 1/1] " Hanumanth Pothula
2 siblings, 0 replies; 6+ messages in thread
From: Stephen Hemminger @ 2024-10-18 17:35 UTC (permalink / raw)
To: Hanumanth Pothula; +Cc: Jerin Jacob, dev, hkalra
On Fri, 18 Oct 2024 13:29:03 +0530
Hanumanth Pothula <hpothula@marvell.com> wrote:
> The last argument passed to ssovf_parsekv() is an
> unsigned char*, but it is accessed as an integer.
> This can lead to an integer overflow.
>
> Hence, make ensure the argument is accessed as a char
> and for better error handling use strtol instead of atoi.
>
> Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
> ---
> drivers/event/octeontx/ssovf_evdev.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
> index 3a933b1db7..ccb447d33a 100644
> --- a/drivers/event/octeontx/ssovf_evdev.c
> +++ b/drivers/event/octeontx/ssovf_evdev.c
> @@ -719,8 +719,16 @@ ssovf_close(struct rte_eventdev *dev)
> static int
> ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
> {
> - int *flag = opaque;
> - *flag = !!atoi(value);
> + uint8_t *flag = (uint8_t *)opaque;
> + char *end;
> +
> + errno = 0;
> + *flag = (uint8_t)strtol(value, &end, 2);
> + if ((errno != 0) || (value == end)) {
> + ssovf_log_err("fail to get key val ret:%d err:%d", *flag, errno);
> + return -EINVAL;
> + }
> +
> return 0;
> }
Cast of opaque is unnecessary in C.
Use strtoul to avoid allowing negative numbers.
Passing 2 as argument makes it assume binary so 101 is legal value and returns 5
and it is not helping.
Why not:
diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..9804f5bc59 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
}
static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
{
- int *flag = opaque;
- *flag = !!atoi(value);
+ uint8_t *flag = opaque;
+ unsigned long v;
+ char *end;
+
+ errno = 0;
+ v = strtoul(value, &end, 0);
+ if (errno != 0 || end == value || *end != '\0') {
+ ssvf_log_err("invalid %s value %s", key, value);
+ return -EINVAL;
+ }
+
+ *flag = !!v;
return 0;
}
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2 1/1] event/octeontx: resolve possible integer overflow
2024-10-18 7:59 [PATCH] event/octeontx: resolve possible integer overflow Hanumanth Pothula
2024-10-18 16:36 ` [EXTERNAL] " Pavan Nikhilesh Bhagavatula
2024-10-18 17:35 ` Stephen Hemminger
@ 2024-10-23 7:15 ` Hanumanth Pothula
2024-10-23 16:16 ` Stephen Hemminger
2 siblings, 1 reply; 6+ messages in thread
From: Hanumanth Pothula @ 2024-10-23 7:15 UTC (permalink / raw)
To: Jerin Jacob; +Cc: dev, hkalra, stephen, hpothula
The last argument passed to ssovf_parsekv() is an
unsigned char*, but it is accessed as an integer.
This can lead to an integer overflow.
Hence, make ensure the argument is accessed as a char
and for better error handling use strtol instead of atoi.
Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
---
v2: use strtoul instead of strtol
---
drivers/event/octeontx/ssovf_evdev.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..d2ab8011e1 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
}
static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
{
- int *flag = opaque;
- *flag = !!atoi(value);
+ uint8_t *flag = opaque;
+ uint64_t v;
+ char *end;
+
+ errno = 0;
+ v = (uint8_t)strtoul(value, &end, 0);
+ if ((errno != 0) || (value == end) || *end != '\0') {
+ ssovf_log_err("invalid %s value %s", key, value);
+ return -EINVAL;
+ }
+
+ *flag = !!v;
return 0;
}
--
2.25.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow
2024-10-23 7:15 ` [PATCH v2 1/1] " Hanumanth Pothula
@ 2024-10-23 16:16 ` Stephen Hemminger
2024-10-23 20:29 ` [EXTERNAL] " Hanumanth Reddy Pothula
0 siblings, 1 reply; 6+ messages in thread
From: Stephen Hemminger @ 2024-10-23 16:16 UTC (permalink / raw)
To: Hanumanth Pothula; +Cc: Jerin Jacob, dev, hkalra
On Wed, 23 Oct 2024 12:45:46 +0530
Hanumanth Pothula <hpothula@marvell.com> wrote:
> static int
> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
> +ssovf_parsekv(const char *key, const char *value, void *opaque)
> {
> - int *flag = opaque;
> - *flag = !!atoi(value);
> + uint8_t *flag = opaque;
> + uint64_t v;
> + char *end;
> +
> + errno = 0;
> + v = (uint8_t)strtoul(value, &end, 0);
Cast will cause truncation of large values.
Maybe:
v = strtoul(value, &end, 0);
if (errno != 0 || value == end || *end != '\0' || v > UINT8_MAX) {
...
> + if ((errno != 0) || (value == end) || *end != '\0') {
> + ssovf_log_err("invalid %s value %s", key, value);
> + return -EINVAL;
> + }
> +
> + *flag = !!v;
> return 0;
> }
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [EXTERNAL] Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow
2024-10-23 16:16 ` Stephen Hemminger
@ 2024-10-23 20:29 ` Hanumanth Reddy Pothula
0 siblings, 0 replies; 6+ messages in thread
From: Hanumanth Reddy Pothula @ 2024-10-23 20:29 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: Jerin Jacob, dev, Harman Kalra
[-- Attachment #1: Type: text/plain, Size: 1729 bytes --]
From: Stephen Hemminger <stephen@networkplumber.org>
Sent: Wednesday, October 23, 2024 9:46 PM
To: Hanumanth Reddy Pothula <hpothula@marvell.com>
Cc: Jerin Jacob <jerinj@marvell.com>; dev@dpdk.org; Harman Kalra <hkalra@marvell.com>
Subject: [EXTERNAL] Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow
On Wed, 23 Oct 2024 12: 45: 46 +0530 Hanumanth Pothula <hpothula@ marvell. com> wrote: > static int > -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque) > +ssovf_parsekv(const char *key, const char *value,
On Wed, 23 Oct 2024 12:45:46 +0530
Hanumanth Pothula <hpothula@marvell.com<mailto:hpothula@marvell.com>> wrote:
> static int
> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
> +ssovf_parsekv(const char *key, const char *value, void *opaque)
> {
> - int *flag = opaque;
> - *flag = !!atoi(value);
> + uint8_t *flag = opaque;
> + uint64_t v;
> + char *end;
> +
> + errno = 0;
> + v = (uint8_t)strtoul(value, &end, 0);
Cast will cause truncation of large values.
Maybe:
v = strtoul(value, &end, 0);
if (errno != 0 || value == end || *end != '\0' || v > UINT8_MAX) {
...
Thanks for the review/comment.
Here, the value can only be ‘0’ or ‘1’, so truncation won’t be an issue.
> + if ((errno != 0) || (value == end) || *end != '\0') {
> + ssovf_log_err("invalid %s value %s", key, value);
> + return -EINVAL;
> + }
> +
> + *flag = !!v;
> return 0;
> }
[-- Attachment #2: Type: text/html, Size: 8897 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-10-23 20:29 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-18 7:59 [PATCH] event/octeontx: resolve possible integer overflow Hanumanth Pothula
2024-10-18 16:36 ` [EXTERNAL] " Pavan Nikhilesh Bhagavatula
2024-10-18 17:35 ` Stephen Hemminger
2024-10-23 7:15 ` [PATCH v2 1/1] " Hanumanth Pothula
2024-10-23 16:16 ` Stephen Hemminger
2024-10-23 20:29 ` [EXTERNAL] " Hanumanth Reddy Pothula
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).