From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [dpdk-dev] [Bug 792] The dev_uev_parse function has a stack overflow bug.
Date: Tue, 24 Aug 2021 02:14:12 +0000 [thread overview]
Message-ID: <bug-792-3@http.bugs.dpdk.org/> (raw)
https://bugs.dpdk.org/show_bug.cgi?id=792
Bug ID: 792
Summary: The dev_uev_parse function has a stack overflow bug.
Product: DPDK
Version: 21.08
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: core
Assignee: dev@dpdk.org
Reporter: zhihongx.peng@intel.com
Target Milestone: ---
Code:
static int
dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
{
char action[EAL_UEV_MSG_ELEM_LEN];
char subsystem[EAL_UEV_MSG_ELEM_LEN];
char pci_slot_name[EAL_UEV_MSG_ELEM_LEN];
int i = 0;
memset(action, 0, EAL_UEV_MSG_ELEM_LEN);
memset(subsystem, 0, EAL_UEV_MSG_ELEM_LEN);
memset(pci_slot_name, 0, EAL_UEV_MSG_ELEM_LEN);
while (i < length) {
for (; i < length; i++) {
if (*buf)
break;
buf++;
}
/**
* check device uevent from kernel side, no need to check
* uevent from udev.
*/
if (!strncmp(buf, "libudev", 7)) {
buf += 7;
i += 7;
return -1;
}
if (!strncmp(buf, "ACTION=", 7)) {
buf += 7;
i += 7;
strlcpy(action, buf, sizeof(action));
} else if (!strncmp(buf, "SUBSYSTEM=", 10)) {
buf += 10;
i += 10;
strlcpy(subsystem, buf, sizeof(subsystem));
} else if (!strncmp(buf, "PCI_SLOT_NAME=", 14)) {
buf += 14;
i += 14;
strlcpy(pci_slot_name, buf, sizeof(subsystem));
event->devname = strdup(pci_slot_name);
}
Bug description:
Because the minimum length of the buff is not judged, when the length of the
buff is less than 7, strncmp will stack buff overflow.
--
You are receiving this mail because:
You are the assignee for the bug.
next reply other threads:[~2021-08-24 2:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-24 2:14 bugzilla [this message]
2021-11-04 14:24 ` [dpdk-dev] [Bug 792] [asan] " bugzilla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-792-3@http.bugs.dpdk.org/ \
--to=bugzilla@dpdk.org \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).