From: Kevin Traynor
To: Pallantla Poornima
Cc: Alejandro Lucero, dpdk stable
Date: Tue, 16 Apr 2019 15:36:52 +0100
Message-Id: <20190416143719.21601-34-ktraynor@redhat.com>
In-Reply-To: <20190416143719.21601-1-ktraynor@redhat.com>
References: <20190416143719.21601-1-ktraynor@redhat.com>
Subject: [dpdk-stable] patch 'net/nfp: fix possible buffer overflow' has been queued to LTS release 18.11.2

Hi,

FYI, your patch has been queued to LTS release 18.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 04/24/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs
the patch applied to the branch. This will indicate if there was any
rebasing needed to apply to the stable branch. If there were code changes
for rebasing (ie: not only metadata diffs), please double check that the
rebase was correctly done.

Thanks.

Kevin Traynor

---
>From 458ede605fabc48f152db2df9d679e61fa5a2123 Mon Sep 17 00:00:00 2001
From: Pallantla Poornima
Date: Fri, 8 Mar 2019 10:28:05 +0000
Subject: [PATCH] net/nfp: fix possible buffer overflow

[ upstream commit 968e9c14f3fe51174e8cda7eb9148985f28f1bb3 ]

sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.

Fixes: 896c265ef954 ("net/nfp: use new CPP interface")
Fixes: c4171b520b3f ("net/nfp: support PF multiport")
Signed-off-by: Pallantla Poornima Acked-by: Alejandro Lucero Tested-by: Alejandro Lucero --- drivers/net/nfp/nfp_net.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c index 2e3879176..99c9b46e8 100644 --- a/drivers/net/nfp/nfp_net.c +++ b/drivers/net/nfp/nfp_net.c @@ -2958,7 +2958,7 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port, int ports, if (ports > 1) - sprintf(port_name, "%s_port%d", dev->device.name, port); + snprintf(port_name, 100, "%s_port%d", dev->device.name, port); else - sprintf(port_name, "%s", dev->device.name); + strlcat(port_name, dev->device.name, 100); eth_dev = rte_eth_dev_allocate(port_name); @@ -3025,10 +3025,12 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) /* First try to find a firmware image specific for this device */ - sprintf(serial, "serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x", + snprintf(serial, sizeof(serial), + "serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x", cpp->serial[0], cpp->serial[1], cpp->serial[2], cpp->serial[3], cpp->serial[4], cpp->serial[5], cpp->interface >> 8, cpp->interface & 0xff); - sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial); + snprintf(fw_name, sizeof(fw_name), "%s/%s.nffw", DEFAULT_FW_PATH, + serial); PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); @@ -3038,5 +3040,6 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) /* Then try the PCI name */ - sprintf(fw_name, "%s/pci-%s.nffw", DEFAULT_FW_PATH, dev->device.name); + snprintf(fw_name, sizeof(fw_name), "%s/pci-%s.nffw", DEFAULT_FW_PATH, + dev->device.name); PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); 
@@ -3046,5 +3049,5 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) /* Finally try the card type and media */ - sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card); + snprintf(fw_name, sizeof(fw_name), "%s/%s", DEFAULT_FW_PATH, card); PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); fw_f = open(fw_name, O_RDONLY); @@ -3122,6 +3125,7 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp *cpp, PMD_DRV_LOG(INFO, "Port speed: %u", nfp_eth_table->ports[0].speed); - sprintf(card_desc, "nic_%s_%dx%d.nffw", nfp_fw_model, - nfp_eth_table->count, nfp_eth_table->ports[0].speed / 1000); + snprintf(card_desc, sizeof(card_desc), "nic_%s_%dx%d.nffw", + nfp_fw_model, nfp_eth_table->count, + nfp_eth_table->ports[0].speed / 1000); nsp = nfp_nsp_open(cpp); -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-04-16 15:34:26.704800549 +0100 +++ 0034-net-nfp-fix-possible-buffer-overflow.patch 2019-04-16 15:34:25.184179861 +0100 @@ -1,14 +1,15 @@ -From 968e9c14f3fe51174e8cda7eb9148985f28f1bb3 Mon Sep 17 00:00:00 2001 +From 458ede605fabc48f152db2df9d679e61fa5a2123 Mon Sep 17 00:00:00 2001 From: Pallantla Poornima Date: Fri, 8 Mar 2019 10:28:05 +0000 Subject: [PATCH] net/nfp: fix possible buffer overflow +[ upstream commit 968e9c14f3fe51174e8cda7eb9148985f28f1bb3 ] + sprintf function is not secure as it doesn't check the length of string. More secure function snprintf is used. Fixes: 896c265ef954 ("net/nfp: use new CPP interface") Fixes: c4171b520b3f ("net/nfp: support PF multiport") -Cc: stable@dpdk.org Signed-off-by: Pallantla Poornima Acked-by: Alejandro Lucero @@ -18,10 +19,10 @@ 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c -index fa7722a47..611a6ee35 100644 +index 2e3879176..99c9b46e8 100644 --- a/drivers/net/nfp/nfp_net.c 
+++ b/drivers/net/nfp/nfp_net.c -@@ -3322,7 +3322,7 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port, int ports, +@@ -2958,7 +2958,7 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port, int ports, if (ports > 1) - sprintf(port_name, "%s_port%d", dev->device.name, port); @@ -30,8 +31,8 @@ - sprintf(port_name, "%s", dev->device.name); + strlcat(port_name, dev->device.name, 100); - -@@ -3437,10 +3437,12 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) + eth_dev = rte_eth_dev_allocate(port_name); +@@ -3025,10 +3025,12 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) /* First try to find a firmware image specific for this device */ - sprintf(serial, "serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x", @@ -46,7 +47,7 @@ + serial); PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); -@@ -3450,5 +3452,6 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) +@@ -3038,5 +3040,6 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) /* Then try the PCI name */ - sprintf(fw_name, "%s/pci-%s.nffw", DEFAULT_FW_PATH, dev->device.name); @@ -54,14 +55,14 @@ + dev->device.name); PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); -@@ -3458,5 +3461,5 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) +@@ -3046,5 +3049,5 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card) /* Finally try the card type and media */ - sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card); + snprintf(fw_name, sizeof(fw_name), "%s/%s", DEFAULT_FW_PATH, card); PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name); fw_f = open(fw_name, O_RDONLY); -@@ -3534,6 +3537,7 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp *cpp, +@@ -3122,6 +3125,7 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp *cpp, PMD_DRV_LOG(INFO, "Port speed: %u", nfp_eth_table->ports[0].speed); - sprintf(card_desc, "nic_%s_%dx%d.nffw", nfp_fw_model,
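Review bot: In the nfp_pf_create_dev hunk (@@ -2958), the else branch turns a copy into an append: sprintf(port_name, "%s", dev->device.name) overwrote port_name, while strlcat(port_name, dev->device.name, 100) appends to whatever the buffer already holds, and nothing visible in the hunk initialises port_name. Unless the buffer is zeroed before this point, the resulting name depends on stale contents. strlcpy(), or snprintf() with "%s" as in the branch above, would keep the original semantics. Both new calls in this hunk also hard-code 100 where the other hunks use sizeof(); if port_name is a local array, sizeof(port_name) keeps the bound tied to the declaration.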
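Review bot: In the nfp_fw_upload hunks, most visibly at @@ -3046 where fw_name goes straight to open(fw_name, O_RDONLY), the snprintf() return value is discarded, so a DEFAULT_FW_PATH plus name that does not fit in fw_name is silently truncated and a different path is opened than the one intended. Compare the return value against sizeof(fw_name) and skip that candidate with a log message when it is negative or not smaller than the buffer size; the same check applies to the serial and pci- variants at @@ -3025 and @@ -3038.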
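Review bot: In the nfp_fw_setup hunk (@@ -3122), the format string still uses %d for nfp_eth_table->ports[0].speed / 1000 although the PMD_DRV_LOG line directly above prints the same field with %u; since the line is being rewritten anyway, use the specifier that matches the field's type. The snprintf() result is also unchecked here, so a card_desc cut short by the new bound would go unnoticed; checking for a return value at or above sizeof(card_desc) and failing the setup would make the truncation visible.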