From: "Carew, Alan"
To: "dev@dpdk.org"
Date: Mon, 20 Oct 2014 15:26:02 +0000
Message-ID: <0E29434AEE0C3A4180987AB476A6F6306D281C01@IRSMSX109.ger.corp.intel.com>
In-Reply-To: <1413818593-26269-1-git-send-email-alan.carew@intel.com>
Subject: Re: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix overflow when size of command result structure is greater than BUFSIZ

A comment on my own patch.

Making the size of result_buf consistent across each OS and keeping it as
large as the Linux BUFSIZ(8192) doesn't really address the core issue.

In the event that a user of librte_cmdline creates a custom context with a
result structure > 8192 bytes then this problem will occur again, though
somewhat unlikely, as the minimum number of the largest type would be 64 x
cmdline_fixed_string_t types within a result structure, at its current size.

There is no checking of overflow, I would be tempted to add a runtime check
in cmdline_parse()/match_inst(), however I would be more comfortable with a
build time check for this type of problem.

Due to the opaque handling of user defined contexts there is no obvious way
to do this at build time.

Thoughts?

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Alan Carew
> Sent: Monday, October 20, 2014 4:23 PM
> To: dev@dpdk.org
> Subject: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix overflow when size of
> command result structure is greater than BUFSIZ
>
> When using test-pmd with flow director in FreeBSD, the application will
> segfault/Bus error while parsing the command-line. This is due to how
> each command's result structure is represented during parsing, where the offsets
> for each token's value is stored in a character array (char result_buf[BUFSIZ])
> in cmdline_parse() (./lib/librte_cmdline/cmdline_parse.c).
>
> The overflow occurs where BUFSIZ is less than the size of a command's result
> structure, in this case "struct cmd_pkt_filter_result"
> (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as
> opposed to 8192 bytes on Linux.
>
> This patch removes the OS dependency on BUFSIZ and defines and uses a
> library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192
>
> The problem can be reproduced by running test-pmd on FreeBSD:
> ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect
> And adding a filter:
> add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes
> 0x800 vlan 0 queue 0 soft 0x17
>
> Signed-off-by: Alan Carew
> --- > lib/librte_cmdline/cmdline_parse.c | 2 +- > lib/librte_cmdline/cmdline_parse.h | 3 +++ > 2 files changed, 4 insertions(+), 1 deletion(-) >=20 > diff --git a/lib/librte_cmdline/cmdline_parse.c > b/lib/librte_cmdline/cmdline_parse.c > index 940480d..29f1afd 100644 > --- a/lib/librte_cmdline/cmdline_parse.c > +++ b/lib/librte_cmdline/cmdline_parse.c 
> @@ -219,7 +219,7 @@ cmdline_parse(struct cmdline *cl, const char * buf) > unsigned int inst_num=3D0; > cmdline_parse_inst_t *inst; > const char *curbuf; > - char result_buf[BUFSIZ]; > + char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE]; > void (*f)(void *, struct cmdline *, void *) =3D NULL; > void *data =3D NULL; > int comment =3D 0; > diff --git a/lib/librte_cmdline/cmdline_parse.h > b/lib/librte_cmdline/cmdline_parse.h > index f18836d..dae53ba 100644 > --- a/lib/librte_cmdline/cmdline_parse.h > +++ b/lib/librte_cmdline/cmdline_parse.h > @@ -80,6 +80,9 @@ extern "C" { > #define CMDLINE_PARSE_COMPLETE_AGAIN 1 > #define CMDLINE_PARSE_COMPLETED_BUFFER 2 >=20 > +/* maximum buffer size for parsed result */ > +#define CMDLINE_PARSE_RESULT_BUFSIZE 8192 > + > /** > * Stores a pointer to the ops struct, and the offset: the place to > * write the parsed result in the destination structure. > -- > 1.9.3
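
Review bot: In the cmdline_parse.c hunk, `char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];` is still a fixed-size stack array and no bound check appears in the changed lines, so a result structure larger than 8192 bytes would overflow it in the same way the 1088-byte `struct cmd_pkt_filter_result` overflowed the 1024-byte FreeBSD BUFSIZ. Suggest pairing the resize with a check that each token's offset plus its size stays within `sizeof(result_buf)` before the value is written, and failing the parse otherwise.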
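
Review bot: In the cmdline_parse.h hunk, the comment `/* maximum buffer size for parsed result */` does not say that this value is a hard upper limit on the size of an application's result structure. Suggest stating that in the comment, so that users of the header know to keep the `sizeof` of their result struct at or below `CMDLINE_PARSE_RESULT_BUFSIZE` and can assert it at build time in their own code.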
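
The two kinds of check weighed in the reply above, a runtime bound check on each token write and a build-time size check an application applies to its own result struct, as an added example that is not part of the patch or of librte_cmdline. `RESULT_FITS`, `token_desc`, `store_token` and `try_store` are hypothetical names, and the offset 1080 is a constructed sample inside the 1088-byte structure the commit message mentions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; only the 8192 value comes from the patch. */
#define RESULT_BUFSIZE 8192

/* Build-time check an application can place next to its own result struct. */
#define RESULT_FITS(type) \
    _Static_assert(sizeof(type) <= RESULT_BUFSIZE, #type " exceeds result buffer")

struct small_result { char verb[128]; unsigned short port; }; /* constructed */
RESULT_FITS(struct small_result);

struct token_desc { size_t offset; size_t size; }; /* destination of one token */

/* Runtime check, written so that offset + size cannot wrap around. */
static int token_in_bounds(const struct token_desc *t, size_t bufsize)
{
    return t->size <= bufsize && t->offset <= bufsize - t->size;
}

/* Store a parsed value only if its range lies inside result_buf. */
int store_token(char *result_buf, size_t bufsize,
                const struct token_desc *t, const void *value)
{
    if (!token_in_bounds(t, bufsize))
        return -1;
    memcpy(result_buf + t->offset, value, t->size);
    return 0;
}

/* Constructed driver: bufsize must not exceed RESULT_BUFSIZE. */
int try_store(size_t bufsize, size_t offset, size_t size)
{
    static char result_buf[RESULT_BUFSIZE], value[RESULT_BUFSIZE];
    struct token_desc t = { offset, size };
    return store_token(result_buf, bufsize, &t, value);
}

int main(void)
{
    /* A field near the end of a 1088-byte result struct (offset is constructed). */
    printf("1024-byte buffer: %d\n", try_store(1024, 1080, 8));
    printf("8192-byte buffer: %d\n", try_store(8192, 1080, 8));
    return 0;
}
```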