From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 72C69A0A0E for ; Mon, 17 May 2021 18:16:30 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6A66441104; Mon, 17 May 2021 18:16:30 +0200 (CEST) Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) by mails.dpdk.org (Postfix) with ESMTP id 70946410F3 for ; Mon, 17 May 2021 18:16:27 +0200 (CEST) Received: from 2.general.paelzer.uk.vpn ([10.172.196.173] helo=Keschdeichel.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1lifup-0008Kn-4P; Mon, 17 May 2021 16:16:23 +0000 From: Christian Ehrhardt To: "Min Hu (Connor)" Cc: Pavan Nikhilesh , dpdk stable Date: Mon, 17 May 2021 18:09:36 +0200 Message-Id: <20210517161039.3132619-147-christian.ehrhardt@canonical.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210517161039.3132619-1-christian.ehrhardt@canonical.com> References: <20210517161039.3132619-1-christian.ehrhardt@canonical.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'app/eventdev: fix overflow in lcore list parsing' has been queued to stable release 19.11.9 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.9 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 05/19/21. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/cpaelzer/dpdk-stable-queue This queued commit can be viewed at: https://github.com/cpaelzer/dpdk-stable-queue/commit/1e46d09ef92abc9304b7b38aff0e20878bc1aaa5 Thanks. Christian Ehrhardt --- >From 1e46d09ef92abc9304b7b38aff0e20878bc1aaa5 Mon Sep 17 00:00:00 2001 From: "Min Hu (Connor)" Date: Fri, 23 Apr 2021 15:38:08 +0800 Subject: [PATCH] app/eventdev: fix overflow in lcore list parsing [ upstream commit 32d7dbf269be84cb906979d73ad81b40e28d377a ] Tainted and unvalidated integer 'idx' used as an index, which may lead to buffer overflow. This patch fixed it. Fixes: 89e5eb118017 ("app/testeventdev: add string parsing helpers") Signed-off-by: Min Hu (Connor) Acked-by: Pavan Nikhilesh --- app/test-eventdev/evt_options.c | 4 ++-- app/test-eventdev/parser.c | 6 ++++-- app/test-eventdev/parser.h | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/app/test-eventdev/evt_options.c b/app/test-eventdev/evt_options.c index 4f4800d99d..3c80c1a489 100644 --- a/app/test-eventdev/evt_options.c +++ b/app/test-eventdev/evt_options.c @@ -218,7 +218,7 @@ evt_parse_plcores(struct evt_options *opt, const char *corelist) { int ret; - ret = parse_lcores_list(opt->plcores, corelist); + ret = parse_lcores_list(opt->plcores, RTE_MAX_LCORE, corelist); if (ret == -E2BIG) evt_err("duplicate lcores in plcores"); @@ -230,7 +230,7 @@ evt_parse_work_lcores(struct evt_options *opt, const char *corelist) { int ret; - ret = parse_lcores_list(opt->wlcores, corelist); + ret = parse_lcores_list(opt->wlcores, RTE_MAX_LCORE, corelist); if (ret == -E2BIG) evt_err("duplicate lcores in wlcores"); diff --git a/app/test-eventdev/parser.c b/app/test-eventdev/parser.c index 24f1855e9a..7a973cbb23 100644 --- a/app/test-eventdev/parser.c +++ b/app/test-eventdev/parser.c @@ -310,7 +310,7 @@ parse_hex_string(char *src, uint8_t *dst, uint32_t *size) } int -parse_lcores_list(bool lcores[], const char *corelist) +parse_lcores_list(bool lcores[], int lcores_num, const char *corelist) { int i, idx = 0; int min, max; @@ -332,6 +332,8 @@ parse_lcores_list(bool lcores[], const char *corelist) if (*corelist == '\0') return -1; idx = strtoul(corelist, &end, 10); + if (idx < 0 || idx > lcores_num) + return -1; if (end == NULL) return -1; @@ -343,7 +345,7 @@ parse_lcores_list(bool lcores[], const char *corelist) max = idx; if (min == RTE_MAX_LCORE) min = idx; - for (idx = min; idx <= max; idx++) { + for (idx = min; idx < max; idx++) { if (lcores[idx] == 1) return -E2BIG; lcores[idx] = 1; diff --git a/app/test-eventdev/parser.h b/app/test-eventdev/parser.h index 673ff22d78..696b40a3e2 100644 --- a/app/test-eventdev/parser.h +++ b/app/test-eventdev/parser.h @@ -46,5 +46,5 @@ int parse_hex_string(char *src, uint8_t *dst, uint32_t *size); int parse_tokenize_string(char *string, char *tokens[], uint32_t *n_tokens); -int parse_lcores_list(bool lcores[], const char *corelist); +int parse_lcores_list(bool lcores[], int lcores_num, const char *corelist); #endif -- 2.31.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2021-05-17 17:40:35.159789305 +0200 +++ 0147-app-eventdev-fix-overflow-in-lcore-list-parsing.patch 2021-05-17 17:40:29.423811460 +0200 @@ -1 +1 @@ -From 32d7dbf269be84cb906979d73ad81b40e28d377a Mon Sep 17 00:00:00 2001 +From 1e46d09ef92abc9304b7b38aff0e20878bc1aaa5 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 32d7dbf269be84cb906979d73ad81b40e28d377a ] + @@ -12 +13,0 @@ -Cc: stable@dpdk.org @@ -23 +24 @@ -index 0d55405741..061b63e12e 100644 +index 4f4800d99d..3c80c1a489 100644 @@ -26 +27 @@ -@@ -221,7 +221,7 @@ evt_parse_plcores(struct evt_options *opt, const char *corelist) +@@ -218,7 +218,7 @@ evt_parse_plcores(struct evt_options *opt, const char *corelist) @@ -35 +36 @@ -@@ -233,7 +233,7 @@ evt_parse_work_lcores(struct evt_options *opt, const char *corelist) +@@ -230,7 +230,7 @@ evt_parse_work_lcores(struct evt_options *opt, const char *corelist)