From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3EEC4A04BB for ; Tue, 6 Oct 2020 10:48:28 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 350BBB62; Tue, 6 Oct 2020 10:48:27 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by dpdk.org (Postfix) with ESMTP id 9359AB62; Tue, 6 Oct 2020 10:48:24 +0200 (CEST) IronPort-SDR: 3k4V9JGMjoL0D+rQzl6EMsUUTdSWPSdBsVtEC4v8z9m6epRzQIdf1ijDQQZ03eM9VDbh+nsyl3 jnVjuZ7Ucc+w== X-IronPort-AV: E=McAfee;i="6000,8403,9765"; a="144322012" X-IronPort-AV: E=Sophos;i="5.77,342,1596524400"; d="scan'208";a="144322012" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Oct 2020 01:48:22 -0700 IronPort-SDR: jjZ9NO+uPl72TdewCL8ctSIo8uIUB66QnXp8qMQXmNDQq1M+wOdaVgUbyTdcw73L3bQARw4ery ZpzYevXUoAhg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,342,1596524400"; d="scan'208";a="418095876" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by fmsmga001.fm.intel.com with ESMTP; 06 Oct 2020 01:48:22 -0700 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 6 Oct 2020 01:48:21 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Tue, 6 Oct 2020 01:48:21 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.175) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Tue, 6 Oct 2020 01:48:19 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g+GBEs75Wzg/igx5E51DcPc6PPJK2nIvq0o6yl9evg6wAg32YSV0c+2jAPrfjruJqiJ0UlL9nBc0zFKeQ2tud+gEYljxtt4pGBzo6VQ8O+lHt2MIYBWUtC3c/xme1BwYORUAXA2ta09rSzQMYwrtDXGBk6EEXNGoSQ5PudQDeLXgUQiyLKOfSNCLTNwyCijhli26+QPx618Qkw++wlp+mKqry2lLI8+JtTpctwlzsjyVDtHGBHQhIt2x5Hy3YqssdAysVlG6qcGD1cJZiGCNffVtz6yPQGHjdAxJ8osawoS2XPiX3pGUOVR1aqb0msEoStflGSR7R86Xxnm8g+Nz1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i9PHxlCyEsabNeBosgZBQogsDcQsofmNtPdaJup4mGY=; b=PiG8xuu/H2QmINB26hIL6HF4oHI1tzsrGAD+rJxQW5Jl9/iV8heRe4D1CZ96IVaRCYEiLg/PBLdKZLL9OZ405vXaHRHFhE1xcmdv6eHnGD5jMfn+T1vSWr4VnMDZNRZ27BIUBeDgtYXGl+m7gETOWLbAYyI/1Lh44kG3E+12xpiaVeaIhifdKu8URXdB9vORXifLa5/iGfQHTTDwOqpPY7H62NEUf0H2EBQ5ehBfC2fRGxhvsEH8WL440tcxsJSUMlUPxKvkWQIvvalhqFUqgJ1lnoEjPa8LuxAwmQnj6hAnCcubjmsV2VyX7DpebZsJTpOdbYsmd2ZBJfCkV+az/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i9PHxlCyEsabNeBosgZBQogsDcQsofmNtPdaJup4mGY=; b=WoelEr0BOXYtF8mpLM/x/SyJTu03YM6XIn/P2XaKGKeP5kVhOf2oEtrR9QzjYY2GmJthgU/ZiW9is5jv/5vT+mIX2uGZQAGyd41mM9rPnXD1jjuWeDjjTI0Oq1EYDH7Dwe4tVQJ5oTtz1UbKhLm/6KzXMRKZQx+qY8sQiFTFYbQ= Received: from BL0PR11MB3043.namprd11.prod.outlook.com (2603:10b6:208:33::19) by BL0PR11MB3186.namprd11.prod.outlook.com (2603:10b6:208:65::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.43; Tue, 6 Oct 2020 08:48:18 +0000 Received: from BL0PR11MB3043.namprd11.prod.outlook.com ([fe80::11fa:a7fe:329d:9239]) by BL0PR11MB3043.namprd11.prod.outlook.com ([fe80::11fa:a7fe:329d:9239%5]) with mapi id 15.20.3433.045; Tue, 6 Oct 2020 08:48:18 +0000 From: "Zhang, Roy Fan" To: Olivier Matz , "dev@dpdk.org" CC: "Kovacevic, Marko" , Akhil Goyal , "Kusztal, ArkadiuszX" , "stable@dpdk.org" Thread-Topic: [PATCH 1/3] examples/fips_validation: fix buffer overflow Thread-Index: AQHWm7Q4jxLhL4/1lkKD5x+3eHiaXamKQ1Sw Date: Tue, 6 Oct 2020 08:48:18 +0000 Message-ID: References: <20201006074143.31691-1-olivier.matz@6wind.com> <20201006074143.31691-2-olivier.matz@6wind.com> In-Reply-To: <20201006074143.31691-2-olivier.matz@6wind.com> Accept-Language: zh-Hans-HK, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-reaction: no-action dlp-product: dlpe-windows authentication-results: 6wind.com; dkim=none (message not signed) header.d=none;6wind.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [95.44.220.85] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 94fdc782-38f4-420c-56f6-08d869d4926b x-ms-traffictypediagnostic: BL0PR11MB3186: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:480; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: nNt+Mp4ZK7ctgpZ7p0qU5Idx52PTmJQjFu5P2hlYdLswBZWWU6MBESMvmlb4fKJsyuqt/tLPKT/zxTpgTh4zYt4aAneWiMQx1po8oy4w8JNJEg5h/6ZgOgMN5d+hj6gnY3MdzT7yIz+snM9sB71JVSsgeSxzuxJLU0abZr66AHNLi+W7GkbJCT0K3wiHulSRQ6oNsN43Yyvi/q1KD+An5nhvqu2/Efhy8QDdv+jJlnvd+DxAQdI7ahfHo0xz5IV61UI9XXY5rZ5qs9vIB5VKhxbcrMEhlTg0dr5zuDAEXg0x3zLKr/ZOVC5pdVbhosZLDysjljAcAbLIyPQ66WlZJQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR11MB3043.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(366004)(136003)(346002)(39860400002)(376002)(4744005)(4326008)(55016002)(478600001)(71200400001)(52536014)(110136005)(76116006)(83380400001)(54906003)(2906002)(86362001)(8936002)(33656002)(26005)(9686003)(66946007)(66556008)(64756008)(66446008)(5660300002)(7696005)(8676002)(316002)(186003)(6506007)(53546011)(66476007); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: xs8+jDy+W6DBf6DLVkZN35UJk+7ebblFXZiWQ4UJdyGFc/uG5QLci+/8eq9akMU6d6UgMXPVqERviysP7PS7mTgnJ1qcp/vlX43SFGxJed8vnr0ztmtCy3Tjq0cUtDROVu2G4RgvPvTHFmdabuu2fAetQn3Dg4QIeNBYZ1Mp524o7ewuTtFggotexZUbC38ePtbMzkIp7HAYMZ3lTnYwXWf7FPwuPtIi6MwdUpYYpzXHR4m/3qItsO+LkeTYFsHRyNcD1p080ndqN4FqLFYl3trGfQzmjNjDr+oATUWgcQKK/E/gN3uAlZRMhonAny4MQfUo64JdUsoqCI7cb+UrKsyJWn2SApE0jFeK22YDqyUj9ZU/m0knh0I8+ZnhrnqHFxSC3lUNIyJwDVaQFTOGMiqAtBcQtoVhdAy42Qd19a0O/gqx0cv14mF2VOGLzna07l5IQcd/tDagUq+nMiwlAtM1vGcs59eRRn4TBpq/eBQ+8bAkq2pSVldndWD+k065ixj906XMI2APRblSuNXcGanSh6XHJuWs5M3ELOn9HN3WEAUrA+wVe1zSp3CjRc0VHQAXRpvhfQ9Ttw6EeWC3xTLAUNNflVhqhxFHPZZhMkQea9qvDcODooic1vMjRpmoRpF4etSkWJ44QRC6mdG2lA== Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BL0PR11MB3043.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 94fdc782-38f4-420c-56f6-08d869d4926b X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2020 08:48:18.2407 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 9cpsJf0npbvCZW2uXRJBN7Ty+yG7bArjVnFzFwWPjhSYa1wVXsfpVfOzk2pkyVHk1HWNbY2fmQ5VZMaDugwugA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR11MB3186 X-OriginatorOrg: intel.com Subject: Re: [dpdk-stable] [PATCH 1/3] examples/fips_validation: fix buffer overflow X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" > -----Original Message----- > From: Olivier Matz > Sent: Tuesday, October 6, 2020 8:42 AM > To: dev@dpdk.org > Cc: Kovacevic, Marko ; Akhil Goyal > ; Zhang, Roy Fan ; Kusztal, > ArkadiuszX ; stable@dpdk.org > Subject: [PATCH 1/3] examples/fips_validation: fix buffer overflow >=20 > If the file name is larger than MAX_STRING_SIZE (64), strcpy() > will overwrite the content of memory. >=20 > Replace strcpy() by rte_strscpy(), check its return value, and > increase file_name size to 256. >=20 > Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS applicati= on") > Cc: stable@dpdk.org >=20 > Signed-off-by: Olivier Matz > --- Acked-by: Fan Zhang