From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf0-f171.google.com (mail-pf0-f171.google.com [209.85.192.171]) by dpdk.org (Postfix) with ESMTP id 092963230 for ; Wed, 27 Sep 2017 11:25:26 +0200 (CEST) Received: by mail-pf0-f171.google.com with SMTP id n24so6971066pfk.5 for ; Wed, 27 Sep 2017 02:25:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fridaylinux-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=f2hgobgE3RAz0/mwEbcI+epADFL5UM1+4dminRrSLyw=; b=wCE19IAr1Pj2b1n8PiwNzD8vJVgMjkvOR57SKjaKPLp4CWEc+7XXXhbbjJy1plpIhm FcolFiP/CHf/n7cfHg63jCGuptXTbOUGTYcFlCWc25kOyZbci8obN3DO1dzm9UJk/uua XyLpwXg5iVjbLgqoA//SEajtLkqvO+HKpVexlPNPPdlr4yuMYC/rvaE7mrr/pEnV8QLw esNSZNHB8wPtXgDu+UicF+UpK5PVEfBsDSA3SZydaCz3rXqpeVM/4xn6B0I/DhiY+luR D5P/qiEJOA0NqsJK7H8Mo/oVOIaPdHsOFk7gIz/xEm9hb+2QzGGo0YoMZP12Pys+uqFy mlBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=f2hgobgE3RAz0/mwEbcI+epADFL5UM1+4dminRrSLyw=; b=rOS15cFhAwTzuZJUMrY233xJzC7SifARxnLw38lImqhb/4CizwCeKDyCT+rj1NDoI+ w9g091pK8XPYbzT+gjjZBVIU3SlzqYHLDNmY7V0leybw5CuhAyhzize3tGofLZW3AYu5 rLXCM6hIO/DEp85YPrdn1lYGLO09wzusFzqS37RicWoQgBfDZ61f+SlOdwgDXA98rwho 3LQg3SI10mzMRFrnnfflc8omHX1YYrSn+CxzXuVlNnmaYXuLfmcWrujTedZyol7S0VFM V83IQoZnF9YFUXu6Citt37qqUza9QlPW1zItf2f16p+3oRUfBFHvz+USUwvS7fxHNoCn dxAg== X-Gm-Message-State: AHPjjUhqW4G+eKtfdrTtSPWXAEuMB5oep5QqEul/pwSWKu1lci8IaxIG YOE/E7aqeDxrs7440OATx4h1W2Do1+U= X-Google-Smtp-Source: AOwi7QCBok5PLb5FfMPMnatLfksBHaUoYbhlQEpSVaWUAX8htdUNDKkDXfS3YFeYFpAKPs8cFpeB1g== X-Received: by 10.98.198.70 with SMTP id m67mr736301pfg.237.1506504325273; Wed, 27 Sep 2017 02:25:25 -0700 (PDT) Received: from yliu-home ([45.63.61.64]) by smtp.gmail.com with ESMTPSA id k25sm17617105pgf.13.2017.09.27.02.25.22 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Sep 2017 02:25:24 -0700 (PDT) Date: Wed, 27 Sep 2017 17:25:17 +0800 From: Yuanhan Liu To: Daniel Mrzyglod Cc: dev@dpdk.org, jianfeng.tan@intel.com, stable@dpdk.org Message-ID: <20170927092517.GI2251@yliu-home> References: <20170920132556.5310-1-danielx.t.mrzyglod@intel.com> <20170922152149.16876-1-danielx.t.mrzyglod@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170922152149.16876-1-danielx.t.mrzyglod@intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: [dpdk-stable] [PATCH v3] net/virtio: fix of untrusted scalar value X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 09:25:26 -0000 On Fri, Sep 22, 2017 at 05:21:49PM +0200, Daniel Mrzyglod wrote: > The unscrutinized value may be incorrectly assumed to be within a certain > range by later operations. > > In vhost_user_read: An unscrutinized value from an untrusted source used > in a trusted context - the value of sz_payload may be harmfull and we need > limit them to the max value of payload. > > Coverity issue: 139601 > > Fixes: 6a84c37e3975 ("net/virtio-user: add vhost-user adapter layer") > Cc: jianfeng.tan@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Daniel Mrzyglod FYI, you should put the Ack from Jianfeng here, so that it will be there when I apply your patch. Otherwise, I have to add it back manually. But never mind, I have done it this time. So, applied to dpdk-next-virtio. Thanks. --yliu > --- > v3: > * there were wrong v2 email adress for stable dpdk mailinglist > * fix compilation errors > > v2: > * Add Cc for stable in gitlog massage > * Add Coverity line > * v1 was acked by Acked-by: Jianfeng Tan > > > drivers/net/virtio/virtio_user/vhost_user.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/net/virtio/virtio_user/vhost_user.c b/drivers/net/virtio/virtio_user/vhost_user.c > index 4ad7b21..97bd832 100644 > --- a/drivers/net/virtio/virtio_user/vhost_user.c > +++ b/drivers/net/virtio/virtio_user/vhost_user.c > @@ -130,6 +130,10 @@ vhost_user_read(int fd, struct vhost_user_msg *msg) > } > > sz_payload = msg->size; > + > + if ((size_t)sz_payload > sizeof(msg->payload)) > + goto fail; > + > if (sz_payload) { > ret = recv(fd, (void *)((char *)msg + sz_hdr), sz_payload, 0); > if (ret < sz_payload) { > -- > 2.7.4