From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3A165A04A4 for ; Wed, 2 Mar 2022 11:55:05 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 342E64272D; Wed, 2 Mar 2022 11:55:05 +0100 (CET) Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by mails.dpdk.org (Postfix) with ESMTP id 7D9834272D; Wed, 2 Mar 2022 11:55:03 +0100 (CET) Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4K7rZc1F6KzdfjN; Wed, 2 Mar 2022 18:53:44 +0800 (CST) Received: from dggpemm500006.china.huawei.com (7.185.36.236) by dggpemm500024.china.huawei.com (7.185.36.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Wed, 2 Mar 2022 18:55:01 +0800 Received: from dggpemm500008.china.huawei.com (7.185.36.136) by dggpemm500006.china.huawei.com (7.185.36.236) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Wed, 2 Mar 2022 18:55:01 +0800 Received: from dggpemm500008.china.huawei.com ([7.185.36.136]) by dggpemm500008.china.huawei.com ([7.185.36.136]) with mapi id 15.01.2308.021; Wed, 2 Mar 2022 18:55:01 +0800 From: wangyunjian To: wangyunjian , "dev@dpdk.org" , "rasland@nvidia.com" CC: "matan@nvidia.com" , "viacheslavo@nvidia.com" , dingxiaoxiong , xudingke , "stable@dpdk.org" Subject: RE: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow Thread-Topic: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow Thread-Index: AQHX9j2nhl/g4frlMUiVVDs6cJub+ayJyBDwgCKTS2A= Date: Wed, 2 Mar 2022 10:55:01 +0000 Message-ID: <4d42fe63043a4858a3bf0481ac8d29ea@huawei.com> References: <782531af297f80054ea965893bf2ed4a71af472c.1640071468.git.wangyunjian@huawei.com> <5244a771569a445eabbc2a61b52e4175@huawei.com> In-Reply-To: <5244a771569a445eabbc2a61b52e4175@huawei.com> Accept-Language: zh-CN, en-US Content-Language: zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.174.242.157] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-CFilter-Loop: Reflected X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Is there any ideas on this bug? -----Original Message----- From: wangyunjian [mailto:wangyunjian@huawei.com]=20 Sent: Tuesday, February 8, 2022 6:55 PM To: dev@dpdk.org Cc: matan@nvidia.com; viacheslavo@nvidia.com; dingxiaoxiong ; xudingke ; stable@dpdk.org Subject: RE: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow Friendly ping. > -----Original Message----- > From: wangyunjian > Sent: Tuesday, December 21, 2021 3:38 PM > To: dev@dpdk.org > Cc: matan@nvidia.com; viacheslavo@nvidia.com; dingxiaoxiong=20 > ; xudingke ;=20 > wangyunjian ; stable@dpdk.org > Subject: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow >=20 > The mlx5_sysfs_switch_info function get 'phys_port_name' buffer, using=20 > 'IF_NAMESIZE' for that case will be wrong and it can cause buffer overflo= w. >=20 > Detected with address sanitizer: > 0 (/usr/lib64/libasan.so.4+0x60b57) > 1 vfscanf (/usr/lib64/libasan.so.4+0x6170f) > 2 __interceptor_fscanf (/usr/lib64/libasan.so.4+0x61823) > 3 mlx5_sysfs_switch_info=20 > ../drivers/net/mlx5/linux/mlx5_ethdev_os.c:1098 > 4 mlx5_os_pci_probe_pf ../drivers/net/mlx5/linux/mlx5_os.c:2417 > 5 mlx5_os_pci_probe ../drivers/net/mlx5/linux/mlx5_os.c:2647 > 6 mlx5_os_net_probe ../drivers/net/mlx5/linux/mlx5_os.c:2722 > 7 drivers_probe ../drivers/common/mlx5/mlx5_common.c:657 > 8 mlx5_common_dev_probe ../drivers/common/mlx5/mlx5_common.c:711 > 9 rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:269 > 10 pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:353 > 11 pci_probe ../drivers/bus/pci/pci_common.c:380 > 12 rte_bus_probe ../lib/eal/common/eal_common_bus.c:72 > 13 rte_eal_init ../lib/eal/linux/eal.c:1286 > 14 main ../app/test-pmd/testpmd.c:4112 > 15 __libc_start_main (/usr/lib64/libc.so.6+0x23f7f) > 16 _start (dpdk/arm64-armv8a-linuxapp-gcc/app/dpdk-testpmd+0x4c88a3) >=20 > Fixes: 63d1db710fbc ("net/mlx5: fix unlimited parsing of switch info") > Cc: stable@dpdk.org >=20 > Signed-off-by: Yunjian Wang > --- > drivers/net/mlx5/linux/mlx5_ethdev_os.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/drivers/net/mlx5/linux/mlx5_ethdev_os.c > b/drivers/net/mlx5/linux/mlx5_ethdev_os.c > index c19825ee52..1d97110864 100644 > --- a/drivers/net/mlx5/linux/mlx5_ethdev_os.c > +++ b/drivers/net/mlx5/linux/mlx5_ethdev_os.c > @@ -1066,7 +1066,7 @@ int > mlx5_sysfs_switch_info(unsigned int ifindex, struct mlx5_switch_info *in= fo) { > char ifname[IF_NAMESIZE]; > - char port_name[IF_NAMESIZE]; > + char port_name[IF_NAMESIZE + 1]; > FILE *file; > struct mlx5_switch_info data =3D { > .master =3D 0, > -- > 2.27.0