From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 3A165A04A4
	for <public@inbox.dpdk.org>; Wed,  2 Mar 2022 11:55:05 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 342E64272D;
	Wed,  2 Mar 2022 11:55:05 +0100 (CET)
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
 by mails.dpdk.org (Postfix) with ESMTP id 7D9834272D;
 Wed,  2 Mar 2022 11:55:03 +0100 (CET)
Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.55])
 by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4K7rZc1F6KzdfjN;
 Wed,  2 Mar 2022 18:53:44 +0800 (CST)
Received: from dggpemm500006.china.huawei.com (7.185.36.236) by
 dggpemm500024.china.huawei.com (7.185.36.203) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.21; Wed, 2 Mar 2022 18:55:01 +0800
Received: from dggpemm500008.china.huawei.com (7.185.36.136) by
 dggpemm500006.china.huawei.com (7.185.36.236) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.21; Wed, 2 Mar 2022 18:55:01 +0800
Received: from dggpemm500008.china.huawei.com ([7.185.36.136]) by
 dggpemm500008.china.huawei.com ([7.185.36.136]) with mapi id 15.01.2308.021;
 Wed, 2 Mar 2022 18:55:01 +0800
From: wangyunjian <wangyunjian@huawei.com>
To: wangyunjian <wangyunjian@huawei.com>, "dev@dpdk.org" <dev@dpdk.org>,
 "rasland@nvidia.com" <rasland@nvidia.com>
CC: "matan@nvidia.com" <matan@nvidia.com>, "viacheslavo@nvidia.com"
 <viacheslavo@nvidia.com>, dingxiaoxiong <dingxiaoxiong@huawei.com>, xudingke
 <xudingke@huawei.com>, "stable@dpdk.org" <stable@dpdk.org>
Subject: RE: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow
Thread-Topic: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow
Thread-Index: AQHX9j2nhl/g4frlMUiVVDs6cJub+ayJyBDwgCKTS2A=
Date: Wed, 2 Mar 2022 10:55:01 +0000
Message-ID: <4d42fe63043a4858a3bf0481ac8d29ea@huawei.com>
References: <782531af297f80054ea965893bf2ed4a71af472c.1640071468.git.wangyunjian@huawei.com>
 <5244a771569a445eabbc2a61b52e4175@huawei.com>
In-Reply-To: <5244a771569a445eabbc2a61b52e4175@huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.174.242.157]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Is there any ideas on this bug?

-----Original Message-----
From: wangyunjian [mailto:wangyunjian@huawei.com]=20
Sent: Tuesday, February 8, 2022 6:55 PM
To: dev@dpdk.org
Cc: matan@nvidia.com; viacheslavo@nvidia.com; dingxiaoxiong <dingxiaoxiong@=
huawei.com>; xudingke <xudingke@huawei.com>; stable@dpdk.org
Subject: RE: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow

Friendly ping.

> -----Original Message-----
> From: wangyunjian
> Sent: Tuesday, December 21, 2021 3:38 PM
> To: dev@dpdk.org
> Cc: matan@nvidia.com; viacheslavo@nvidia.com; dingxiaoxiong=20
> <dingxiaoxiong@huawei.com>; xudingke <xudingke@huawei.com>;=20
> wangyunjian <wangyunjian@huawei.com>; stable@dpdk.org
> Subject: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow
>=20
> The mlx5_sysfs_switch_info function get 'phys_port_name' buffer, using=20
> 'IF_NAMESIZE' for that case will be wrong and it can cause buffer overflo=
w.
>=20
> Detected with address sanitizer:
> 0 (/usr/lib64/libasan.so.4+0x60b57)
> 1 vfscanf (/usr/lib64/libasan.so.4+0x6170f)
> 2 __interceptor_fscanf (/usr/lib64/libasan.so.4+0x61823)
> 3 mlx5_sysfs_switch_info=20
> ../drivers/net/mlx5/linux/mlx5_ethdev_os.c:1098
> 4 mlx5_os_pci_probe_pf ../drivers/net/mlx5/linux/mlx5_os.c:2417
> 5 mlx5_os_pci_probe ../drivers/net/mlx5/linux/mlx5_os.c:2647
> 6 mlx5_os_net_probe ../drivers/net/mlx5/linux/mlx5_os.c:2722
> 7 drivers_probe ../drivers/common/mlx5/mlx5_common.c:657
> 8 mlx5_common_dev_probe ../drivers/common/mlx5/mlx5_common.c:711
> 9 rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:269
> 10 pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:353
> 11 pci_probe ../drivers/bus/pci/pci_common.c:380
> 12 rte_bus_probe ../lib/eal/common/eal_common_bus.c:72
> 13 rte_eal_init ../lib/eal/linux/eal.c:1286
> 14 main ../app/test-pmd/testpmd.c:4112
> 15 __libc_start_main (/usr/lib64/libc.so.6+0x23f7f)
> 16 _start (dpdk/arm64-armv8a-linuxapp-gcc/app/dpdk-testpmd+0x4c88a3)
>=20
> Fixes: 63d1db710fbc ("net/mlx5: fix unlimited parsing of switch info")
> Cc: stable@dpdk.org
>=20
> Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
> ---
>  drivers/net/mlx5/linux/mlx5_ethdev_os.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/drivers/net/mlx5/linux/mlx5_ethdev_os.c
> b/drivers/net/mlx5/linux/mlx5_ethdev_os.c
> index c19825ee52..1d97110864 100644
> --- a/drivers/net/mlx5/linux/mlx5_ethdev_os.c
> +++ b/drivers/net/mlx5/linux/mlx5_ethdev_os.c
> @@ -1066,7 +1066,7 @@ int
>  mlx5_sysfs_switch_info(unsigned int ifindex, struct mlx5_switch_info *in=
fo)  {
>  	char ifname[IF_NAMESIZE];
> -	char port_name[IF_NAMESIZE];
> +	char port_name[IF_NAMESIZE + 1];
>  	FILE *file;
>  	struct mlx5_switch_info data =3D {
>  		.master =3D 0,
> --
> 2.27.0