* [dpdk-dev] [Bug 792] The dev_uev_parse function has a stack overflow bug.
@ 2021-08-24 2:14 bugzilla
2021-11-04 14:24 ` [dpdk-dev] [Bug 792] [asan] " bugzilla
0 siblings, 1 reply; 2+ messages in thread
From: bugzilla @ 2021-08-24 2:14 UTC (permalink / raw)
To: dev
https://bugs.dpdk.org/show_bug.cgi?id=792
Bug ID: 792
Summary: The dev_uev_parse function has a stack overflow bug.
Product: DPDK
Version: 21.08
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Normal
Component: core
Assignee: dev@dpdk.org
Reporter: zhihongx.peng@intel.com
Target Milestone: ---
Code:
static int
dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
{
char action[EAL_UEV_MSG_ELEM_LEN];
char subsystem[EAL_UEV_MSG_ELEM_LEN];
char pci_slot_name[EAL_UEV_MSG_ELEM_LEN];
int i = 0;
memset(action, 0, EAL_UEV_MSG_ELEM_LEN);
memset(subsystem, 0, EAL_UEV_MSG_ELEM_LEN);
memset(pci_slot_name, 0, EAL_UEV_MSG_ELEM_LEN);
while (i < length) {
for (; i < length; i++) {
if (*buf)
break;
buf++;
}
/**
* check device uevent from kernel side, no need to check
* uevent from udev.
*/
if (!strncmp(buf, "libudev", 7)) {
buf += 7;
i += 7;
return -1;
}
if (!strncmp(buf, "ACTION=", 7)) {
buf += 7;
i += 7;
strlcpy(action, buf, sizeof(action));
} else if (!strncmp(buf, "SUBSYSTEM=", 10)) {
buf += 10;
i += 10;
strlcpy(subsystem, buf, sizeof(subsystem));
} else if (!strncmp(buf, "PCI_SLOT_NAME=", 14)) {
buf += 14;
i += 14;
strlcpy(pci_slot_name, buf, sizeof(subsystem));
event->devname = strdup(pci_slot_name);
}
Bug description:
Because the minimum length of the buff is not judged, when the length of the
buff is less than 7, strncmp will stack buff overflow.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [dpdk-dev] [Bug 792] [asan] The dev_uev_parse function has a stack overflow bug
2021-08-24 2:14 [dpdk-dev] [Bug 792] The dev_uev_parse function has a stack overflow bug bugzilla
@ 2021-11-04 14:24 ` bugzilla
0 siblings, 0 replies; 2+ messages in thread
From: bugzilla @ 2021-11-04 14:24 UTC (permalink / raw)
To: dev
https://bugs.dpdk.org/show_bug.cgi?id=792
David Marchand (david.marchand@redhat.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|UNCONFIRMED |RESOLVED
--- Comment #2 from David Marchand (david.marchand@redhat.com) ---
Fixed with: https://git.dpdk.org/dpdk/commit/?id=4847122aab5c
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-04 14:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-24 2:14 [dpdk-dev] [Bug 792] The dev_uev_parse function has a stack overflow bug bugzilla
2021-11-04 14:24 ` [dpdk-dev] [Bug 792] [asan] " bugzilla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).