From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Carew, Alan" <alan.carew@intel.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when
 size of	command result structure is greater than BUFSIZ
Thread-Index: AQHP7Hnt3FdPCdzYGkeDOrtcPm6MI5w5GvrA
Date: Mon, 20 Oct 2014 15:26:02 +0000
Message-ID: <0E29434AEE0C3A4180987AB476A6F6306D281C01@IRSMSX109.ger.corp.intel.com>
References: <1413818593-26269-1-git-send-email-alan.carew@intel.com>
In-Reply-To: <1413818593-26269-1-git-send-email-alan.carew@intel.com>
Subject: Re: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when
 size of	command result structure is greater than BUFSIZ

A comment on my own patch.

Making the size of result_buf consistent across each OS and keeping it as large
as the Linux BUFSIZ (8192) doesn't really address the core issue.

In the event that a user of librte_cmdline creates a custom context with a
result structure > 8192 bytes then this problem will occur again, though
somewhat unlikely, as the minimum number of the largest type would be 64 x
cmdline_fixed_string_t types within a result structure, at its current size.

There is no checking of overflow. I would be tempted to add a runtime check in
cmdline_parse()/match_inst(); however, I would be more comfortable with a
build-time check for this type of problem.

Due to the opaque handling of user-defined contexts there is no obvious way to
do this at build time.

Thoughts?

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Alan Carew
> Sent: Monday, October 20, 2014 4:23 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of
> command result structure is greater than BUFSIZ
>
> When using test-pmd with flow director in FreeBSD, the application will
> segfault/Bus error while parsing the command-line. This is due to how
> each command's result structure is represented during parsing, where the
> offsets for each token's value are stored in a character array
> (char result_buf[BUFSIZ]) in cmdline_parse()
> (./lib/librte_cmdline/cmdline_parse.c).
>
> The overflow occurs where BUFSIZ is less than the size of a command's result
> structure, in this case "struct cmd_pkt_filter_result"
> (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as
> opposed to 8192 bytes on Linux.
>
> This patch removes the OS dependency on BUFSIZ and defines and uses a
> library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192
>
> The problem can be reproduced by running test-pmd on FreeBSD:
> ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect
> And adding a filter:
> add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes
> 0x800 vlan 0 queue 0 soft 0x17
>
> Signed-off-by: Alan Carew <alan.carew@intel.com>
> ---
>  lib/librte_cmdline/cmdline_parse.c | 2 +-
>  lib/librte_cmdline/cmdline_parse.h | 3 +++
>  2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_cmdline/cmdline_parse.c
> b/lib/librte_cmdline/cmdline_parse.c
> index 940480d..29f1afd 100644
> --- a/lib/librte_cmdline/cmdline_parse.c
> +++ b/lib/librte_cmdline/cmdline_parse.c
> @@ -219,7 +219,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
>  	unsigned int inst_num=3D0;
>  	cmdline_parse_inst_t *inst;
>  	const char *curbuf;
> -	char result_buf[BUFSIZ];
> +	char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];
>  	void (*f)(void *, struct cmdline *, void *) =3D NULL;
>  	void *data =3D NULL;
>  	int comment =3D 0;
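Review bot: `result_buf` in `cmdline_parse()` is still a fixed-size stack array, and nothing in this hunk checks that a command's result structure fits in it, so the overflow described in the commit message comes back for any result structure larger than 8192 bytes. Consider passing `sizeof(result_buf)` down to the code that writes token values and failing the parse when a token's offset plus its size exceeds it.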
> diff --git a/lib/librte_cmdline/cmdline_parse.h
> b/lib/librte_cmdline/cmdline_parse.h
> index f18836d..dae53ba 100644
> --- a/lib/librte_cmdline/cmdline_parse.h
> +++ b/lib/librte_cmdline/cmdline_parse.h
> @@ -80,6 +80,9 @@ extern "C" {
>  #define CMDLINE_PARSE_COMPLETE_AGAIN    1
>  #define CMDLINE_PARSE_COMPLETED_BUFFER  2
>=20
> +/* maximum buffer size for parsed result */
> +#define CMDLINE_PARSE_RESULT_BUFSIZE 8192
> +
>  /**
>   * Stores a pointer to the ops struct, and the offset: the place to
>   * write the parsed result in the destination structure.
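Review bot: the comment added above `CMDLINE_PARSE_RESULT_BUFSIZE` does not tell library users that this value caps the size of the result structures they define, and it uses `/* */` where the next comment in this header uses the `/** */` documentation style. Suggest a `/** */` comment stating that a result structure must not exceed this many bytes and that the limit is not currently enforced.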
> --
> 1.9.3
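
The two options weighed in the reply above, as an added example that is not part of the original message or of librte_cmdline: a runtime bounds check on each token's write into the result buffer, and an opt-in build-time check on a result structure's size. All names (`store_token`, `RESULT_FITS`, `struct token`, the two result structures) are hypothetical; the 1024-byte buffer and the 1088-byte structure mirror the sizes quoted in the patch description.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RESULT_BUFSIZE 1024  /* constructed: the FreeBSD BUFSIZ quoted in the patch */
#define STR_SIZE 128         /* assumed fixed-string size (8192 / 64 from the reply) */

/* Hypothetical token descriptor: where in the result struct the value is written. */
struct token { size_t offset; size_t size; };

/* Constructed result structures: one that fits, one of 1088 bytes that does not. */
struct small_result { char proto[STR_SIZE]; char action[STR_SIZE]; };
struct big_result   { char field[8][STR_SIZE]; char extra[64]; };

/* Opt-in build-time check a command author could place next to the struct. */
#define RESULT_FITS(type) \
    _Static_assert(sizeof(type) <= RESULT_BUFSIZE, #type " exceeds result buffer")

RESULT_FITS(struct small_result);
/* RESULT_FITS(struct big_result);  <- compilation would stop here */

/* Runtime check: reject a token whose [offset, offset + size) leaves the buffer. */
static int store_token(char *buf, size_t buflen, const struct token *t,
                       const char *val)
{
    size_t len = strlen(val);
    if (t->offset > buflen || t->size > buflen - t->offset)
        return -1;                 /* write would run past result_buf */
    if (len >= t->size)
        return -1;                 /* value plus NUL does not fit the field */
    memcpy(buf + t->offset, val, len + 1);
    return 0;
}

/* Parse one constructed token at the given offset into a stack result buffer. */
int parse_demo(size_t offset)
{
    char result_buf[RESULT_BUFSIZE];
    struct token t = { offset, STR_SIZE };

    return store_token(result_buf, sizeof(result_buf), &t, "udp");
}

int main(void)
{
    printf("%d %d\n", parse_demo(0), parse_demo(offsetof(struct big_result, extra)));
    return 0;
}
```

The build-time macro only helps when the command author applies it to each result structure, which is the limitation the reply points to with opaque user-defined contexts; the runtime check covers the structures that were never annotated.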