Re: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of command result structure is greater than BUFSIZ

["Carew, Alan" <alan.carew@intel.com>]

A comment on my own patch.

Making the size of result_buf consistent across each OS and keeping it as large
as the Linux BUFSIZ(8192) doesn't really address the core issue.

In the event that a user of librte_cmdline creates a custom context with a
result structure > 8192 bytes then this problem will occur again, though 
somewhat unlikely, as the minimum number of the largest type would be 64 x 
cmdline_fixed_string_t types within a result structure, at its current size.

There is no checking of overflow, I would be tempted to add a runtime check in
cmdline_parse()/match_inst(), however I would be more comfortable with a build
time check for this type of problem.

Due to the opaque handling of user defined contexts there is no obvious way to
do this at build time.

Thoughts?

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Alan Carew
> Sent: Monday, October 20, 2014 4:23 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of
> command result structure is greater than BUFSIZ
> 
> When using test-pmd with flow director in FreeBSD, the application will
> segfault/Bus error while parsing the command-line. This is due to how
> each commands result structure is represented during parsing, where the offsets
> for each tokens value is stored in a character array(char result_buf[BUFSIZ])
> in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c).
> 
> The overflow occurs where BUFSIZ is less than the size of a commands result
> structure, in this case "struct cmd_pkt_filter_result"
> (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as
> opposed to 8192 bytes on Linux.
> 
> This patch removes the OS dependency on BUFSIZ and defines and uses a
> library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192
> 
> The problem can be reproduced by running test-pmd on FreeBSD:
> ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect
> And adding a filter:
> add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes
> 0x800 vlan 0 queue 0 soft 0x17
> 
> Signed-off-by: Alan Carew <alan.carew@intel.com>
> ---
>  lib/librte_cmdline/cmdline_parse.c | 2 +-
>  lib/librte_cmdline/cmdline_parse.h | 3 +++
>  2 files changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_cmdline/cmdline_parse.c
> b/lib/librte_cmdline/cmdline_parse.c
> index 940480d..29f1afd 100644
> --- a/lib/librte_cmdline/cmdline_parse.c
> +++ b/lib/librte_cmdline/cmdline_parse.c
> @@ -219,7 +219,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
>  	unsigned int inst_num=0;
>  	cmdline_parse_inst_t *inst;
>  	const char *curbuf;
> -	char result_buf[BUFSIZ];
> +	char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];
>  	void (*f)(void *, struct cmdline *, void *) = NULL;
>  	void *data = NULL;
>  	int comment = 0;
> diff --git a/lib/librte_cmdline/cmdline_parse.h
> b/lib/librte_cmdline/cmdline_parse.h
> index f18836d..dae53ba 100644
> --- a/lib/librte_cmdline/cmdline_parse.h
> +++ b/lib/librte_cmdline/cmdline_parse.h
> @@ -80,6 +80,9 @@ extern "C" {
>  #define CMDLINE_PARSE_COMPLETE_AGAIN    1
>  #define CMDLINE_PARSE_COMPLETED_BUFFER  2
> 
> +/* maximum buffer size for parsed result */
> +#define CMDLINE_PARSE_RESULT_BUFSIZE 8192
> +
>  /**
>   * Stores a pointer to the ops struct, and the offset: the place to
>   * write the parsed result in the destination structure.
> --
> 1.9.3