* [spp] [PATCH] primary: fix buffer overflow of primary status
@ 2018-10-09 10:52 ogawa.yasufumi
0 siblings, 0 replies; only message in thread
From: ogawa.yasufumi @ 2018-10-09 10:52 UTC (permalink / raw)
To: spp, ferruh.yigit, ogawa.yasufumi
From: Yasufumi Ogawa <ogawa.yasufumi@lab.ntt.co.jp>
Response of status of primary exceeds the max of message buffer size
MSG_SIZE defined in 'src/shared/common.h' if too many ports are
assigned. To avoid this error, make response of fewer size than the max
size. The rest of status of ports are simply discarded.
Signed-off-by: Yasufumi Ogawa <ogawa.yasufumi@lab.ntt.co.jp>
---
src/primary/main.c | 58 ++++++++++++++++++++++++++++++++++++++++++++---------
src/shared/common.h | 4 ++++
2 files changed, 53 insertions(+), 9 deletions(-)
diff --git a/src/primary/main.c b/src/primary/main.c
index 7d5e0a2..33f4143 100644
--- a/src/primary/main.c
+++ b/src/primary/main.c
@@ -184,43 +184,83 @@ static int
get_status_json(char *str)
{
int i;
- char phy_ports[512];
- char ring_ports[1024];
- memset(phy_ports, '\0', 512);
- memset(ring_ports, '\0', 1024);
-
+ int phyp_buf_size = PRI_BUF_SIZE_PHY;
+ int ringp_buf_size = PRI_BUF_SIZE_RING;
+ char phy_ports[phyp_buf_size];
+ char ring_ports[ringp_buf_size];
+ memset(phy_ports, '\0', phyp_buf_size);
+ memset(ring_ports, '\0', ringp_buf_size);
+
+ int buf_size = 256;
+ char phy_port[buf_size];
for (i = 0; i < ports->num_ports; i++) {
- sprintf(phy_ports, "%s{\"id\": %u, \"eth\": \"%s\", "
+
+ RTE_LOG(DEBUG, APP, "Size of phy_ports str: %d\n",
+ (int)strlen(phy_ports));
+
+ memset(phy_port, '\0', buf_size);
+
+ sprintf(phy_port, "{\"id\": %u, \"eth\": \"%s\", "
"\"rx\": %"PRIu64", \"tx\": %"PRIu64", "
"\"tx_drop\": %"PRIu64"}",
- phy_ports,
ports->id[i],
get_printable_mac_addr(ports->id[i]),
ports->port_stats[i].rx,
ports->port_stats[i].tx,
ports->client_stats[i].tx_drop);
+ int cur_buf_size = (int)strlen(phy_ports) +
+ (int)strlen(phy_port);
+ if (cur_buf_size > phyp_buf_size - 1) {
+ RTE_LOG(ERR, APP,
+ "Cannot send all of phy_port stats (%d/%d)\n",
+ i, ports->num_ports);
+ sprintf(phy_ports + strlen(phy_ports) - 1, "%s", "");
+ break;
+ }
+
+ sprintf(phy_ports + strlen(phy_ports), "%s", phy_port);
+
if (i < ports->num_ports - 1)
sprintf(phy_ports, "%s,", phy_ports);
}
+ char ring_port[buf_size];
for (i = 0; i < num_clients; i++) {
- sprintf(ring_ports, "%s{\"id\": %u, \"rx\": %"PRIu64", "
+
+ RTE_LOG(DEBUG, APP, "Size of ring_ports str: %d\n",
+ (int)strlen(ring_ports));
+
+ memset(ring_port, '\0', buf_size);
+
+ sprintf(ring_port, "{\"id\": %u, \"rx\": %"PRIu64", "
"\"rx_drop\": %"PRIu64", "
"\"tx\": %"PRIu64", \"tx_drop\": %"PRIu64"}",
- ring_ports,
i,
ports->client_stats[i].rx,
ports->client_stats[i].rx_drop,
ports->client_stats[i].tx,
ports->client_stats[i].tx_drop);
+ int cur_buf_size = (int)strlen(ring_ports) +
+ (int)strlen(ring_port);
+ if (cur_buf_size > ringp_buf_size - 1) {
+ RTE_LOG(ERR, APP,
+ "Cannot send all of ring_port stats (%d/%d)\n",
+ i, num_clients);
+ sprintf(ring_ports + strlen(ring_ports) - 1, "%s", "");
+ break;
+ }
+
+ sprintf(ring_ports + strlen(ring_ports), "%s", ring_port);
+
if (i < num_clients - 1)
sprintf(ring_ports, "%s,", ring_ports);
}
RTE_LOG(DEBUG, APP, "{\"phy_ports\": [%s], \"ring_ports\": [%s]}",
phy_ports, ring_ports);
+
sprintf(str, "{\"phy_ports\": [%s], \"ring_ports\": [%s]}",
phy_ports, ring_ports);
diff --git a/src/shared/common.h b/src/shared/common.h
index a30f0da..a5395aa 100644
--- a/src/shared/common.h
+++ b/src/shared/common.h
@@ -31,6 +31,10 @@
#define SOCK_RESET -1
#define PORT_RESET UINT16_MAX
+/* Buffer sizes of status message of primary. Total must be equal to MSG_SIZE */
+#define PRI_BUF_SIZE_PHY 512
+#define PRI_BUF_SIZE_RING 1512
+
/*
* When doing reads from the NIC or the client queues,
* use this batch size
--
2.7.4
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-10-09 10:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-09 10:52 [spp] [PATCH] primary: fix buffer overflow of primary status ogawa.yasufumi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).