DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD
@ 2020-04-29 13:17 Olivier Matz
  2020-04-30  9:41 ` Huang, ZhiminX
  2020-05-06 13:22 ` [dpdk-dev] [dpdk-stable] " David Marchand
  0 siblings, 2 replies; 3+ messages in thread
From: Olivier Matz @ 2020-04-29 13:17 UTC (permalink / raw)
  To: dev; +Cc: stable

The behavior of strtok_r() is not the same between GNU libc and FreeBSD
libc: in the first case, the context is set to "" when the last token is
returned, while in the second case it is set to NULL.

On FreeBSD, the current code crashes because we are dereferencing a NULL
pointer (ctx1). Fix it by first checking if it is NULL. This works with
both GNU and FreeBSD libc.

Fixes: ffcf831454a9 ("kvargs: fix buffer overflow when parsing list")
Cc: stable@dpdk.org

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
---
 lib/librte_kvargs/rte_kvargs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_kvargs/rte_kvargs.c b/lib/librte_kvargs/rte_kvargs.c
index 1d815dcd9..285081c86 100644
--- a/lib/librte_kvargs/rte_kvargs.c
+++ b/lib/librte_kvargs/rte_kvargs.c
@@ -50,7 +50,7 @@ rte_kvargs_tokenize(struct rte_kvargs *kvlist, const char *params)
 			/* Find the end of the list. */
 			while (str[strlen(str) - 1] != ']') {
 				/* Restore the comma erased by strtok_r(). */
-				if (ctx1[0] == '\0')
+				if (ctx1 == NULL || ctx1[0] == '\0')
 					return -1; /* no closing bracket */
 				str[strlen(str)] = ',';
 				/* Parse until next comma. */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD
  2020-04-29 13:17 [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD Olivier Matz
@ 2020-04-30  9:41 ` Huang, ZhiminX
  2020-05-06 13:22 ` [dpdk-dev] [dpdk-stable] " David Marchand
  1 sibling, 0 replies; 3+ messages in thread
From: Huang, ZhiminX @ 2020-04-30  9:41 UTC (permalink / raw)
  To: Olivier Matz, dev; +Cc: stable

Tested-by: Huang, ZhiminX <zhiminx.huang@intel.com>

Regards,
HuangZhiMin


-----Original Message-----
From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Olivier Matz
Sent: Wednesday, April 29, 2020 9:17 PM
To: dev@dpdk.org
Cc: stable@dpdk.org
Subject: [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD

The behavior of strtok_r() is not the same between GNU libc and FreeBSD
libc: in the first case, the context is set to "" when the last token is returned, while in the second case it is set to NULL.

On FreeBSD, the current code crashes because we are dereferencing a NULL pointer (ctx1). Fix it by first checking if it is NULL. This works with both GNU and FreeBSD libc.

Fixes: ffcf831454a9 ("kvargs: fix buffer overflow when parsing list")
Cc: stable@dpdk.org

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
---
 lib/librte_kvargs/rte_kvargs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_kvargs/rte_kvargs.c b/lib/librte_kvargs/rte_kvargs.c index 1d815dcd9..285081c86 100644
--- a/lib/librte_kvargs/rte_kvargs.c
+++ b/lib/librte_kvargs/rte_kvargs.c
@@ -50,7 +50,7 @@ rte_kvargs_tokenize(struct rte_kvargs *kvlist, const char *params)
 			/* Find the end of the list. */
 			while (str[strlen(str) - 1] != ']') {
 				/* Restore the comma erased by strtok_r(). */
-				if (ctx1[0] == '\0')
+				if (ctx1 == NULL || ctx1[0] == '\0')
 					return -1; /* no closing bracket */
 				str[strlen(str)] = ',';
 				/* Parse until next comma. */
--
2.25.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dpdk-dev] [dpdk-stable] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD
  2020-04-29 13:17 [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD Olivier Matz
  2020-04-30  9:41 ` Huang, ZhiminX
@ 2020-05-06 13:22 ` David Marchand
  1 sibling, 0 replies; 3+ messages in thread
From: David Marchand @ 2020-05-06 13:22 UTC (permalink / raw)
  To: Olivier Matz; +Cc: dev, dpdk stable

On Wed, Apr 29, 2020 at 3:17 PM Olivier Matz <olivier.matz@6wind.com> wrote:
>
> The behavior of strtok_r() is not the same between GNU libc and FreeBSD
> libc: in the first case, the context is set to "" when the last token is
> returned, while in the second case it is set to NULL.
>
> On FreeBSD, the current code crashes because we are dereferencing a NULL
> pointer (ctx1). Fix it by first checking if it is NULL. This works with
> both GNU and FreeBSD libc.
>
> Fixes: ffcf831454a9 ("kvargs: fix buffer overflow when parsing list")
> Cc: stable@dpdk.org
>
> Signed-off-by: Olivier Matz <olivier.matz@6wind.com>

Tested-by: Zhimin Huang <zhiminx.huang@intel.com>

Applied, thanks.

-- 
David Marchand


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-05-06 13:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-29 13:17 [dpdk-dev] [PATCH] kvargs: fix crash when parsing an invalid token on FreeBSD Olivier Matz
2020-04-30  9:41 ` Huang, ZhiminX
2020-05-06 13:22 ` [dpdk-dev] [dpdk-stable] " David Marchand

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git