The hexadecimal string parser does not check the target field buffer size, buffer overflow happens and might cause the application failure (segmentation fault is observed usually). Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> --- app/test-pmd/cmdline_flow.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index 529ead6b2a..9e7fe1ae9f 100644 --- a/app/test-pmd/cmdline_flow.c +++ b/app/test-pmd/cmdline_flow.c @@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token, hexlen -= 2; } if (hexlen > length) - return -1; + goto error; ret = parse_hex_string(str, hex_tmp, &hexlen); if (ret < 0) goto error; + /* Check the converted binary fits into data buffer. */ + if (hexlen > size) + goto error; /* Let parse_int() fill length information first. */ ret = snprintf(tmp, sizeof(tmp), "%u", hexlen); if (ret < 0) -- 2.18.1
The hexadecimal string parser does not check the target field buffer size, buffer overflow happens and might cause the application failure (segmentation fault is observed usually). Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> --- app/test-pmd/cmdline_flow.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index 736029c4fd..6827d9228f 100644 --- a/app/test-pmd/cmdline_flow.c +++ b/app/test-pmd/cmdline_flow.c @@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token, hexlen -= 2; } if (hexlen > length) - return -1; + goto error; ret = parse_hex_string(str, hex_tmp, &hexlen); if (ret < 0) goto error; + /* Check the converted binary fits into data buffer. */ + if (hexlen > size) + goto error; /* Let parse_int() fill length information first. */ ret = snprintf(tmp, sizeof(tmp), "%u", hexlen); if (ret < 0) -- 2.18.1
The hexadecimal string parser does not check the target field buffer size, buffer overflow happens and might cause the application failure (segmentation fault is observed usually). Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> --- app/test-pmd/cmdline_flow.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index 736029c4fd..6827d9228f 100644 --- a/app/test-pmd/cmdline_flow.c +++ b/app/test-pmd/cmdline_flow.c @@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token, hexlen -= 2; } if (hexlen > length) - return -1; + goto error; ret = parse_hex_string(str, hex_tmp, &hexlen); if (ret < 0) goto error; + /* Check the converted binary fits into data buffer. */ + if (hexlen > size) + goto error; /* Let parse_int() fill length information first. */ ret = snprintf(tmp, sizeof(tmp), "%u", hexlen); if (ret < 0) -- 2.18.1
Hi Slava,
> -----Original Message-----
> From: Slava Ovsiienko <viacheslavo@nvidia.com>
> Sent: Monday, October 11, 2021 2:46 AM
> Subject: [PATCH v2 3/5] app/testpmd: fix hex string parser in flow commands
>
> The hexadecimal string parser does not check the target field buffer size, buffer overflow happens and
> might cause the application failure (segmentation fault is observed usually).
>
> Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API")
> Cc: stable@dpdk.org
>
> Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
> ---
> app/test-pmd/cmdline_flow.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index
> 736029c4fd..6827d9228f 100644
> --- a/app/test-pmd/cmdline_flow.c
> +++ b/app/test-pmd/cmdline_flow.c
> @@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token,
> hexlen -= 2;
> }
> if (hexlen > length)
> - return -1;
> + goto error;
> ret = parse_hex_string(str, hex_tmp, &hexlen);
> if (ret < 0)
> goto error;
> + /* Check the converted binary fits into data buffer. */
> + if (hexlen > size)
> + goto error;
> /* Let parse_int() fill length information first. */
> ret = snprintf(tmp, sizeof(tmp), "%u", hexlen);
> if (ret < 0)
> --
> 2.18.1
Acked-by: Ori Kam <orika@nvidia.com>
Thanks,
Ori
EXPERIMENTAL tag was missed in rte_flow_action_modify_data structure description. Fixes: 73b68f4c54a0 ("ethdev: introduce generic modify flow action") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> --- lib/ethdev/rte_flow.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h index f14f77772b..8a1eddd0b7 100644 --- a/lib/ethdev/rte_flow.h +++ b/lib/ethdev/rte_flow.h @@ -3204,6 +3204,9 @@ enum rte_flow_field_id { }; /** + * @warning + * @b EXPERIMENTAL: this structure may change without prior notice + * * Field description for MODIFY_FIELD action. */ struct rte_flow_action_modify_data { -- 2.18.1
The hexadecimal string parser does not check the target field buffer size, buffer overflow happens and might cause the application failure (segmentation fault is observed usually). Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> Acked-by: Ori Kam <orika@nvidia.com> --- app/test-pmd/cmdline_flow.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index 736029c4fd..6827d9228f 100644 --- a/app/test-pmd/cmdline_flow.c +++ b/app/test-pmd/cmdline_flow.c @@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token, hexlen -= 2; } if (hexlen > length) - return -1; + goto error; ret = parse_hex_string(str, hex_tmp, &hexlen); if (ret < 0) goto error; + /* Check the converted binary fits into data buffer. */ + if (hexlen > size) + goto error; /* Let parse_int() fill length information first. */ ret = snprintf(tmp, sizeof(tmp), "%u", hexlen); if (ret < 0) -- 2.18.1
Hi Slava,
> -----Original Message-----
> From: Slava Ovsiienko <viacheslavo@nvidia.com>
> Sent: Tuesday, October 12, 2021 11:06 AM
> To: dev@dpdk.org
> Subject: [PATCH v3 2/5] ethdev: fix missed experimental tag for modify field action
>
> EXPERIMENTAL tag was missed in rte_flow_action_modify_data structure description.
>
> Fixes: 73b68f4c54a0 ("ethdev: introduce generic modify flow action")
> Cc: stable@dpdk.org
>
> Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
> ---
> lib/ethdev/rte_flow.h | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h index f14f77772b..8a1eddd0b7 100644
> --- a/lib/ethdev/rte_flow.h
> +++ b/lib/ethdev/rte_flow.h
> @@ -3204,6 +3204,9 @@ enum rte_flow_field_id { };
>
> /**
> + * @warning
> + * @b EXPERIMENTAL: this structure may change without prior notice
> + *
> * Field description for MODIFY_FIELD action.
> */
> struct rte_flow_action_modify_data {
> --
> 2.18.1
Acked-by: Ori Kam <orika@nvidia.com>
Thanks,
Ori
On 10/12/21 11:06 AM, Viacheslav Ovsiienko wrote:
> EXPERIMENTAL tag was missed in rte_flow_action_modify_data
> structure description.
>
> Fixes: 73b68f4c54a0 ("ethdev: introduce generic modify flow action")
> Cc: stable@dpdk.org
>
> Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
EXPERIMENTAL tag was missed in rte_flow_action_modify_data structure description. Fixes: 73b68f4c54a0 ("ethdev: introduce generic modify flow action") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> Acked-by: Ori Kam <orika@nvidia.com> Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru> --- lib/ethdev/rte_flow.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h index f14f77772b..8a1eddd0b7 100644 --- a/lib/ethdev/rte_flow.h +++ b/lib/ethdev/rte_flow.h @@ -3204,6 +3204,9 @@ enum rte_flow_field_id { }; /** + * @warning + * @b EXPERIMENTAL: this structure may change without prior notice + * * Field description for MODIFY_FIELD action. */ struct rte_flow_action_modify_data { -- 2.18.1
The hexadecimal string parser does not check the target field buffer size, buffer overflow happens and might cause the application failure (segmentation fault is observed usually). Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> Acked-by: Ori Kam <orika@nvidia.com> --- app/test-pmd/cmdline_flow.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index 736029c4fd..6827d9228f 100644 --- a/app/test-pmd/cmdline_flow.c +++ b/app/test-pmd/cmdline_flow.c @@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token, hexlen -= 2; } if (hexlen > length) - return -1; + goto error; ret = parse_hex_string(str, hex_tmp, &hexlen); if (ret < 0) goto error; + /* Check the converted binary fits into data buffer. */ + if (hexlen > size) + goto error; /* Let parse_int() fill length information first. */ ret = snprintf(tmp, sizeof(tmp), "%u", hexlen); if (ret < 0) -- 2.18.1
EXPERIMENTAL tag was missed in rte_flow_action_modify_data structure description. Fixes: 73b68f4c54a0 ("ethdev: introduce generic modify flow action") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> Acked-by: Ori Kam <orika@nvidia.com> Acked-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru> --- lib/ethdev/rte_flow.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h index f14f77772b..8a1eddd0b7 100644 --- a/lib/ethdev/rte_flow.h +++ b/lib/ethdev/rte_flow.h @@ -3204,6 +3204,9 @@ enum rte_flow_field_id { }; /** + * @warning + * @b EXPERIMENTAL: this structure may change without prior notice + * * Field description for MODIFY_FIELD action. */ struct rte_flow_action_modify_data { -- 2.18.1
The hexadecimal string parser does not check the target field buffer size, buffer overflow happens and might cause the application failure (segmentation fault is observed usually). Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API") Cc: stable@dpdk.org Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com> Acked-by: Ori Kam <orika@nvidia.com> --- app/test-pmd/cmdline_flow.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index 736029c4fd..6827d9228f 100644 --- a/app/test-pmd/cmdline_flow.c +++ b/app/test-pmd/cmdline_flow.c @@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token, hexlen -= 2; } if (hexlen > length) - return -1; + goto error; ret = parse_hex_string(str, hex_tmp, &hexlen); if (ret < 0) goto error; + /* Check the converted binary fits into data buffer. */ + if (hexlen > size) + goto error; /* Let parse_int() fill length information first. */ ret = snprintf(tmp, sizeof(tmp), "%u", hexlen); if (ret < 0) -- 2.18.1