patches for DPDK stable branches
 help / color / mirror / Atom feed
* [PATCH v1] eal/linux: fix memory illegal accesses
@ 2022-02-23  8:49 Steve Yang
  2022-02-23 11:26 ` Ferruh Yigit
  0 siblings, 1 reply; 3+ messages in thread
From: Steve Yang @ 2022-02-23  8:49 UTC (permalink / raw)
  To: dev; +Cc: ferruh.yigit, Steve Yang, stable

'recv()' fills the 'buf', later 'strlcpy()' used to copy from this buffer.
But as coverity warns 'recv()' doesn't guarantee that 'buf' is
null-terminated, but 'strlcpy()' requires it.

Enlarge 'buf' size to 'EAL_UEV_MSG_LEN + 1' and ensure the last one can
be set to 0 when received buffer size is EAL_UEV_MSG_LEN.

CID 375864:  Memory - illegal accesses  (STRING_NULL)
Passing unterminated string "buf" to "dev_uev_parse", which expects
a null-terminated string.

Coverity issue: 375864
Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
Cc: stable@dpdk.org

Signed-off-by: Steve Yang <stevex.yang@intel.com>
---
 lib/eal/linux/eal_dev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/eal/linux/eal_dev.c b/lib/eal/linux/eal_dev.c
index bde55a3d92..851789e85c 100644
--- a/lib/eal/linux/eal_dev.c
+++ b/lib/eal/linux/eal_dev.c
@@ -231,13 +231,13 @@ dev_uev_handler(__rte_unused void *param)
 {
 	struct rte_dev_event uevent;
 	int ret;
-	char buf[EAL_UEV_MSG_LEN];
+	char buf[EAL_UEV_MSG_LEN + 1];
 	struct rte_bus *bus;
 	struct rte_device *dev;
 	const char *busname = "";
 
 	memset(&uevent, 0, sizeof(struct rte_dev_event));
-	memset(buf, 0, EAL_UEV_MSG_LEN);
+	memset(buf, 0, EAL_UEV_MSG_LEN + 1);
 
 	if (rte_intr_fd_get(intr_handle) < 0)
 		return;
-- 
2.27.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v1] eal/linux: fix memory illegal accesses
  2022-02-23  8:49 [PATCH v1] eal/linux: fix memory illegal accesses Steve Yang
@ 2022-02-23 11:26 ` Ferruh Yigit
  2022-02-27 18:15   ` Thomas Monjalon
  0 siblings, 1 reply; 3+ messages in thread
From: Ferruh Yigit @ 2022-02-23 11:26 UTC (permalink / raw)
  To: Steve Yang, dev; +Cc: stable

On 2/23/2022 8:49 AM, Steve Yang wrote:
> 'recv()' fills the 'buf', later 'strlcpy()' used to copy from this buffer.
> But as coverity warns 'recv()' doesn't guarantee that 'buf' is
> null-terminated, but 'strlcpy()' requires it.
> 
> Enlarge 'buf' size to 'EAL_UEV_MSG_LEN + 1' and ensure the last one can
> be set to 0 when received buffer size is EAL_UEV_MSG_LEN.
> 
> CID 375864:  Memory - illegal accesses  (STRING_NULL)
> Passing unterminated string "buf" to "dev_uev_parse", which expects
> a null-terminated string.
> 
> Coverity issue: 375864
> Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Steve Yang <stevex.yang@intel.com>

Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v1] eal/linux: fix memory illegal accesses
  2022-02-23 11:26 ` Ferruh Yigit
@ 2022-02-27 18:15   ` Thomas Monjalon
  0 siblings, 0 replies; 3+ messages in thread
From: Thomas Monjalon @ 2022-02-27 18:15 UTC (permalink / raw)
  To: Steve Yang; +Cc: dev, stable, Ferruh Yigit

23/02/2022 12:26, Ferruh Yigit:
> On 2/23/2022 8:49 AM, Steve Yang wrote:
> > 'recv()' fills the 'buf', later 'strlcpy()' used to copy from this buffer.
> > But as coverity warns 'recv()' doesn't guarantee that 'buf' is
> > null-terminated, but 'strlcpy()' requires it.
> > 
> > Enlarge 'buf' size to 'EAL_UEV_MSG_LEN + 1' and ensure the last one can
> > be set to 0 when received buffer size is EAL_UEV_MSG_LEN.
> > 
> > CID 375864:  Memory - illegal accesses  (STRING_NULL)
> > Passing unterminated string "buf" to "dev_uev_parse", which expects
> > a null-terminated string.
> > 
> > Coverity issue: 375864
> > Fixes: 0d0f478d0483 ("eal/linux: add uevent parse and process")
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Steve Yang <stevex.yang@intel.com>
> 
> Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>

Applied, thanks.




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-02-27 18:15 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-23  8:49 [PATCH v1] eal/linux: fix memory illegal accesses Steve Yang
2022-02-23 11:26 ` Ferruh Yigit
2022-02-27 18:15   ` Thomas Monjalon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).