From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id C9873DE4 for ; Fri, 5 Dec 2014 16:51:06 +0100 (CET) Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga101.fm.intel.com with ESMTP; 05 Dec 2014 07:51:04 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.97,862,1389772800"; d="scan'208";a="425568913" Received: from bricha3-mobl3.ger.corp.intel.com ([10.243.20.39]) by FMSMGA003.fm.intel.com with SMTP; 05 Dec 2014 07:40:38 -0800 Received: by (sSMTP sendmail emulation); Fri, 05 Dec 2014 15:51:01 +0025 Date: Fri, 5 Dec 2014 15:51:01 +0000 From: Bruce Richardson To: Olivier Matz Message-ID: <20141205155100.GA9040@bricha3-MOBL3> References: <5481BE26.9080903@6wind.com> <1417789147-5636-1-git-send-email-olivier.matz@6wind.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1417789147-5636-1-git-send-email-olivier.matz@6wind.com> Organization: Intel Shannon Ltd. User-Agent: Mutt/1.5.23 (2014-03-12) Cc: dev@dpdk.org Subject: Re: [dpdk-dev] [PATCH v3] librte_cmdline: FreeBSD Fix oveflow when size of command result structure is greater than BUFSIZ X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Dec 2014 15:51:15 -0000 On Fri, Dec 05, 2014 at 03:19:07PM +0100, Olivier Matz wrote: 
> From: Alan Carew > > When using test-pmd with flow director in FreeBSD, the application will > segfault/Bus error while parsing the command-line. This is due to how > each command's result structure is represented during parsing, where the offsets > for each token's value is stored in a character array(char result_buf[BUFSIZ]) > in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c). > > The overflow occurs where BUFSIZ is less than the size of a command's result > structure, in this case "struct cmd_pkt_filter_result" > (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as > opposed to 8192 bytes on Linux. > > The problem can be reproduced by running test-pmd on FreeBSD: > ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect > And adding a filter: > add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes > 0x800 vlan 0 queue 0 soft 0x17 > > This patch removes the OS dependency on BUFSIZ and defines and uses a > library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192 > > Added boundary checking to ensure this buffer cannot overflow, with > an error message being produced. > > Suggested-by: Olivier MATZ > http://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f > > Signed-off-by: Alan Carew 
> Signed-off-by: Olivier MATZ Tested on FreeBSD 10 and this patch fixes the issue described. Tested-by: Bruce Richardson > --- > app/test-pmd/parameters.c | 6 +++-- > app/test/test_cmdline_etheraddr.c | 13 +++++----- > app/test/test_cmdline_ipaddr.c | 27 ++++++++++++-------- > app/test/test_cmdline_num.c | 31 +++++++++++++---------- > app/test/test_cmdline_portlist.c | 13 +++++----- > app/test/test_cmdline_string.c | 13 ++++++---- > examples/cmdline/parse_obj_list.c | 6 ++++- > examples/cmdline/parse_obj_list.h | 3 ++- > examples/vhost_xen/xenstore_parse.c | 5 ++-- > lib/librte_cmdline/cmdline_parse.c | 35 ++++++++++++++++--------- > lib/librte_cmdline/cmdline_parse.h | 11 +++++--- > lib/librte_cmdline/cmdline_parse_etheraddr.c | 5 +++- > lib/librte_cmdline/cmdline_parse_etheraddr.h | 4 +-- > lib/librte_cmdline/cmdline_parse_ipaddr.c | 6 ++++- > lib/librte_cmdline/cmdline_parse_ipaddr.h | 4 +-- > lib/librte_cmdline/cmdline_parse_num.c | 38 +++++++++++++++++++++++++++- > lib/librte_cmdline/cmdline_parse_num.h | 4 +-- > lib/librte_cmdline/cmdline_parse_portlist.c | 5 +++- > lib/librte_cmdline/cmdline_parse_portlist.h | 4 +-- > lib/librte_cmdline/cmdline_parse_string.c | 6 ++++- > lib/librte_cmdline/cmdline_parse_string.h | 2 +- > lib/librte_pmd_bond/rte_eth_bond_args.c | 3 ++- > 22 files changed, 168 insertions(+), 76 deletions(-) > > diff --git a/app/test-pmd/parameters.c b/app/test-pmd/parameters.c > index 9573a43..8558985 100644 > --- a/app/test-pmd/parameters.c > +++ b/app/test-pmd/parameters.c > @@ -223,7 +223,8 @@ init_peer_eth_addrs(char *config_filename) > if (fgets(buf, sizeof(buf), config_file) == NULL) > break; > > - if (cmdline_parse_etheraddr(NULL, buf, &peer_eth_addrs[i]) < 0 ){ > + if (cmdline_parse_etheraddr(NULL, buf, &peer_eth_addrs[i], > + sizeof(peer_eth_addrs[i])) < 0 ){ > printf("Bad MAC address format on line %d\n", i+1); > fclose(config_file); > return -1; 
> @@ -658,7 +659,8 @@ launch_args_parse(int argc, char** argv) > "eth-peer: port %d >= RTE_MAX_ETHPORTS(%d)\n", > n, RTE_MAX_ETHPORTS); > > - if (cmdline_parse_etheraddr(NULL, port_end, &peer_addr) < 0 ) > + if (cmdline_parse_etheraddr(NULL, port_end, > + &peer_addr, sizeof(peer_addr)) < 0 ) > rte_exit(EXIT_FAILURE, > "Invalid ethernet address: %s\n", > port_end); > diff --git a/app/test/test_cmdline_etheraddr.c b/app/test/test_cmdline_etheraddr.c > index 45c61ff..e4f4231 100644 > --- a/app/test/test_cmdline_etheraddr.c > +++ b/app/test/test_cmdline_etheraddr.c > @@ -130,14 +130,15 @@ test_parse_etheraddr_invalid_param(void) > int ret = 0; > > /* try all null */ > - ret = cmdline_parse_etheraddr(NULL, NULL, NULL); > + ret = cmdline_parse_etheraddr(NULL, NULL, NULL, 0); > if (ret != -1) { > printf("Error: parser accepted null parameters!\n"); > return -1; > } > > /* try null buf */ > - ret = cmdline_parse_etheraddr(NULL, NULL, (void*)&result); > + ret = cmdline_parse_etheraddr(NULL, NULL, (void*)&result, > + sizeof(result)); > if (ret != -1) { > printf("Error: parser accepted null string!\n"); > return -1; > @@ -149,7 +150,7 @@ test_parse_etheraddr_invalid_param(void) > snprintf(buf, sizeof(buf), "%s", > ether_addr_valid_strs[0].str); > > - ret = cmdline_parse_etheraddr(NULL, buf, NULL); > + ret = cmdline_parse_etheraddr(NULL, buf, NULL, 0); > if (ret == -1) { > printf("Error: parser rejected null result!\n"); > return -1; > @@ -185,7 +186,7 @@ test_parse_etheraddr_invalid_data(void) > memset(&result, 0, sizeof(struct ether_addr)); > > ret = cmdline_parse_etheraddr(NULL, ether_addr_invalid_strs[i], > - (void*)&result); > + (void*)&result, sizeof(result)); > if (ret != -1) { > printf("Error: parsing %s succeeded!\n", > ether_addr_invalid_strs[i]); 
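Review bot: None of the updated calls in test_parse_etheraddr_invalid_param() passes a non-NULL result together with a ressize that is too small, so the bounds check this patch introduces is never exercised by the test suite. A case such as `ret = cmdline_parse_etheraddr(NULL, buf, (void*)&result, sizeof(result) - 1);` that expects -1 would pin the new behaviour. The same gap is visible in the invalid_param tests for ipaddr, num, portlist and string in the later hunks, where every non-NULL result is paired with `sizeof(result)` or `sizeof(buf)`. The test function starts and ends outside this hunk.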
> @@ -210,7 +211,7 @@ test_parse_etheraddr_valid(void) > memset(&result, 0, sizeof(struct ether_addr)); > > ret = cmdline_parse_etheraddr(NULL, ether_addr_valid_strs[i].str, > - (void*)&result); > + (void*)&result, sizeof(result)); > if (ret < 0) { > printf("Error: parsing %s failed!\n", > ether_addr_valid_strs[i].str); > @@ -229,7 +230,7 @@ test_parse_etheraddr_valid(void) > memset(&result, 0, sizeof(struct ether_addr)); > > ret = cmdline_parse_etheraddr(NULL, ether_addr_garbage_strs[i], > - (void*)&result); > + (void*)&result, sizeof(result)); > if (ret < 0) { > printf("Error: parsing %s failed!\n", > ether_addr_garbage_strs[i]); > diff --git a/app/test/test_cmdline_ipaddr.c b/app/test/test_cmdline_ipaddr.c > index 4ce928d..471d2ff 100644 > --- a/app/test/test_cmdline_ipaddr.c > +++ b/app/test/test_cmdline_ipaddr.c > @@ -425,7 +425,8 @@ test_parse_ipaddr_valid(void) > buf, sizeof(buf)); > > ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - ipaddr_valid_strs[i].str, (void*)&result); > + ipaddr_valid_strs[i].str, (void*)&result, > + sizeof(result)); > > /* if should have passed, or should have failed */ > if ((ret < 0) == > @@ -474,7 +475,8 @@ test_parse_ipaddr_valid(void) > buf, sizeof(buf)); > > ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - ipaddr_garbage_addr4_strs[i], (void*)&result); > + ipaddr_garbage_addr4_strs[i], (void*)&result, > + sizeof(result)); > > /* if should have passed, or should have failed */ > if ((ret < 0) == > @@ -515,7 +517,8 @@ test_parse_ipaddr_valid(void) > buf, sizeof(buf)); > > ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - ipaddr_garbage_addr6_strs[i], (void*)&result); > + ipaddr_garbage_addr6_strs[i], (void*)&result, > + sizeof(result)); > > /* if should have passed, or should have failed */ > if ((ret < 0) == 
> @@ -557,7 +560,8 @@ test_parse_ipaddr_valid(void) > buf, sizeof(buf)); > > ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - ipaddr_garbage_network4_strs[i], (void*)&result); > + ipaddr_garbage_network4_strs[i], (void*)&result, > + sizeof(result)); > > /* if should have passed, or should have failed */ > if ((ret < 0) == > @@ -598,7 +602,8 @@ test_parse_ipaddr_valid(void) > buf, sizeof(buf)); > > ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - ipaddr_garbage_network6_strs[i], (void*)&result); > + ipaddr_garbage_network6_strs[i], (void*)&result, > + sizeof(result)); > > /* if should have passed, or should have failed */ > if ((ret < 0) == > @@ -651,7 +656,8 @@ test_parse_ipaddr_invalid_data(void) > buf, sizeof(buf)); > > ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - ipaddr_invalid_strs[i], (void*)&result); > + ipaddr_invalid_strs[i], (void*)&result, > + sizeof(result)); > > if (ret != -1) { > printf("Error: parsing %s as %s succeeded!\n", 
> @@ -677,25 +683,26 @@ test_parse_ipaddr_invalid_param(void) > token.ipaddr_data.flags = CMDLINE_IPADDR_V4; > > /* null token */ > - if (cmdline_parse_ipaddr(NULL, buf, (void*)&result) != -1) { > + if (cmdline_parse_ipaddr(NULL, buf, (void*)&result, > + sizeof(result)) != -1) { > printf("Error: parser accepted invalid parameters!\n"); > return -1; > } > /* null buffer */ > if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - NULL, (void*)&result) != -1) { > + NULL, (void*)&result, sizeof(result)) != -1) { > printf("Error: parser accepted invalid parameters!\n"); > return -1; > } > /* empty buffer */ > if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - "", (void*)&result) != -1) { > + "", (void*)&result, sizeof(result)) != -1) { > printf("Error: parser accepted invalid parameters!\n"); > return -1; > } > /* null result */ > if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token, > - buf, NULL) == -1) { > + buf, NULL, 0) == -1) { > printf("Error: parser rejected null result!\n"); > return -1; > } > diff --git a/app/test/test_cmdline_num.c b/app/test/test_cmdline_num.c > index 799d68c..04263d3 100644 > --- a/app/test/test_cmdline_num.c > +++ b/app/test/test_cmdline_num.c > @@ -350,14 +350,14 @@ test_parse_num_invalid_param(void) > num_valid_positive_strs[0].str); > > /* try all null */ > - ret = cmdline_parse_num(NULL, NULL, NULL); > + ret = cmdline_parse_num(NULL, NULL, NULL, 0); > if (ret != -1) { > printf("Error: parser accepted null parameters!\n"); > return -1; > } > > /* try null token */ > - ret = cmdline_parse_num(NULL, buf, (void*)&result); > + ret = cmdline_parse_num(NULL, buf, (void*)&result, sizeof(result)); > if (ret != -1) { > printf("Error: parser accepted null token!\n"); > return -1; 
> @@ -365,14 +365,15 @@ test_parse_num_invalid_param(void) > > /* try null buf */ > ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, NULL, > - (void*)&result); > + (void*)&result, sizeof(result)); > if (ret != -1) { > printf("Error: parser accepted null string!\n"); > return -1; > } > > /* try null result */ > - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, buf, NULL); > + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, buf, > + NULL, 0); > if (ret == -1) { > printf("Error: parser rejected null result!\n"); > return -1; > @@ -426,7 +427,7 @@ test_parse_num_invalid_data(void) > memset(&buf, 0, sizeof(buf)); > > ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, > - num_invalid_strs[i], (void*)&result); > + num_invalid_strs[i], (void*)&result, sizeof(result)); > if (ret != -1) { > /* get some info about what we are trying to parse */ > cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token, > @@ -466,8 +467,9 @@ test_parse_num_valid(void) > cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token, > buf, sizeof(buf)); > > - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_valid_positive_strs[i].str, > - (void*)&result); > + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, > + num_valid_positive_strs[i].str, > + (void*)&result, sizeof(result)); > > /* if it should have passed but didn't, or if it should have failed but didn't */ > if ((ret < 0) == (can_parse_unsigned(num_valid_positive_strs[i].result, type) > 0)) { 
> @@ -493,8 +495,9 @@ test_parse_num_valid(void) > cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token, > buf, sizeof(buf)); > > - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_valid_negative_strs[i].str, > - (void*)&result); > + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, > + num_valid_negative_strs[i].str, > + (void*)&result, sizeof(result)); > > /* if it should have passed but didn't, or if it should have failed but didn't */ > if ((ret < 0) == (can_parse_signed(num_valid_negative_strs[i].result, type) > 0)) { > @@ -542,8 +545,9 @@ test_parse_num_valid(void) > cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token, > buf, sizeof(buf)); > > - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_garbage_positive_strs[i].str, > - (void*)&result); > + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, > + num_garbage_positive_strs[i].str, > + (void*)&result, sizeof(result)); > > /* if it should have passed but didn't, or if it should have failed but didn't */ > if ((ret < 0) == (can_parse_unsigned(num_garbage_positive_strs[i].result, type) > 0)) { > @@ -569,8 +573,9 @@ test_parse_num_valid(void) > cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token, > buf, sizeof(buf)); > > - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_garbage_negative_strs[i].str, > - (void*)&result); > + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, > + num_garbage_negative_strs[i].str, > + (void*)&result, sizeof(result)); > > /* if it should have passed but didn't, or if it should have failed but didn't */ > if ((ret < 0) == (can_parse_signed(num_garbage_negative_strs[i].result, type) > 0)) { > diff --git a/app/test/test_cmdline_portlist.c b/app/test/test_cmdline_portlist.c > index 9f9633c..b9664b0 100644 > --- a/app/test/test_cmdline_portlist.c > +++ b/app/test/test_cmdline_portlist.c 
> @@ -139,21 +139,22 @@ test_parse_portlist_invalid_param(void) > memset(&result, 0, sizeof(cmdline_portlist_t)); > > /* try all null */ > - ret = cmdline_parse_portlist(NULL, NULL, NULL); > + ret = cmdline_parse_portlist(NULL, NULL, NULL, 0); > if (ret != -1) { > printf("Error: parser accepted null parameters!\n"); > return -1; > } > > /* try null buf */ > - ret = cmdline_parse_portlist(NULL, NULL, (void*)&result); > + ret = cmdline_parse_portlist(NULL, NULL, (void*)&result, > + sizeof(result)); > if (ret != -1) { > printf("Error: parser accepted null string!\n"); > return -1; > } > > /* try null result */ > - ret = cmdline_parse_portlist(NULL, portlist_valid_strs[0].str, NULL); > + ret = cmdline_parse_portlist(NULL, portlist_valid_strs[0].str, NULL, 0); > if (ret == -1) { > printf("Error: parser rejected null result!\n"); > return -1; > @@ -188,7 +189,7 @@ test_parse_portlist_invalid_data(void) > memset(&result, 0, sizeof(cmdline_portlist_t)); > > ret = cmdline_parse_portlist(NULL, portlist_invalid_strs[i], > - (void*)&result); > + (void*)&result, sizeof(result)); > if (ret != -1) { > printf("Error: parsing %s succeeded!\n", > portlist_invalid_strs[i]); > @@ -213,7 +214,7 @@ test_parse_portlist_valid(void) > memset(&result, 0, sizeof(cmdline_portlist_t)); > > ret = cmdline_parse_portlist(NULL, portlist_valid_strs[i].str, > - (void*)&result); > + (void*)&result, sizeof(result)); > if (ret < 0) { > printf("Error: parsing %s failed!\n", > portlist_valid_strs[i].str); > @@ -232,7 +233,7 @@ test_parse_portlist_valid(void) > memset(&result, 0, sizeof(cmdline_portlist_t)); > > ret = cmdline_parse_portlist(NULL, portlist_garbage_strs[i], > - (void*)&result); > + (void*)&result, sizeof(result)); > if (ret < 0) { > printf("Error: parsing %s failed!\n", > portlist_garbage_strs[i]); > diff --git a/app/test/test_cmdline_string.c b/app/test/test_cmdline_string.c > index 3ec0ce1..915a7d7 100644 > --- a/app/test/test_cmdline_string.c > +++ b/app/test/test_cmdline_string.c 
> @@ -178,7 +178,7 @@ test_parse_string_invalid_param(void) > printf("Error: function accepted null token!\n"); > return -1; > } > - if (cmdline_parse_string(NULL, buf, NULL) != -1) { > + if (cmdline_parse_string(NULL, buf, NULL, 0) != -1) { > printf("Error: function accepted null token!\n"); > return -1; > } > @@ -189,7 +189,8 @@ test_parse_string_invalid_param(void) > return -1; > } > if (cmdline_parse_string( > - (cmdline_parse_token_hdr_t*)&token, NULL, (void*)&result) != -1) { > + (cmdline_parse_token_hdr_t*)&token, NULL, > + (void*)&result, sizeof(result)) != -1) { > printf("Error: function accepted null buffer!\n"); > return -1; > } > @@ -200,7 +201,7 @@ test_parse_string_invalid_param(void) > } > /* test null result */ > if (cmdline_parse_string( > - (cmdline_parse_token_hdr_t*)&token, buf, NULL) == -1) { > + (cmdline_parse_token_hdr_t*)&token, buf, NULL, 0) == -1) { > printf("Error: function rejected null result!\n"); > return -1; > } > @@ -233,7 +234,8 @@ test_parse_string_invalid_data(void) > token.string_data.str = string_invalid_strs[i].fixed_str; > > if (cmdline_parse_string((cmdline_parse_token_hdr_t*)&token, > - string_invalid_strs[i].str, (void*)buf) != -1) { > + string_invalid_strs[i].str, (void*)buf, > + sizeof(buf)) != -1) { > memset(help_str, 0, sizeof(help_str)); > memset(&help_token, 0, sizeof(help_token)); > > @@ -330,7 +332,8 @@ test_parse_string_valid(void) > token.string_data.str = string_parse_strs[i].fixed_str; > > if (cmdline_parse_string((cmdline_parse_token_hdr_t*)&token, > - string_parse_strs[i].str, (void*)buf) < 0) { > + string_parse_strs[i].str, (void*)buf, > + sizeof(buf)) < 0) { > > /* clean help data */ > memset(&help_token, 0, sizeof(help_token)); > diff --git a/examples/cmdline/parse_obj_list.c b/examples/cmdline/parse_obj_list.c > index 2625ca3..cdbaf2f 100644 > --- a/examples/cmdline/parse_obj_list.c > +++ b/examples/cmdline/parse_obj_list.c 
> @@ -84,7 +84,8 @@ struct cmdline_token_ops token_obj_list_ops = { > }; > > int > -parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res) > +parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res, > + unsigned ressize) > { > struct token_obj_list *tk2 = (struct token_obj_list *)tk; > struct token_obj_list_data *tkd = &tk2->obj_list_data; > @@ -94,6 +95,9 @@ parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res) > if (*buf == 0) > return -1; > > + if (res && ressize < sizeof(struct object *)) > + return -1; > + > while(!cmdline_isendoftoken(buf[token_len])) > token_len++; > > diff --git a/examples/cmdline/parse_obj_list.h b/examples/cmdline/parse_obj_list.h > index 297fec4..871c53a 100644 > --- a/examples/cmdline/parse_obj_list.h > +++ b/examples/cmdline/parse_obj_list.h > @@ -91,7 +91,8 @@ typedef struct token_obj_list parse_token_obj_list_t; > > extern struct cmdline_token_ops token_obj_list_ops; > > -int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res); > +int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res, > + unsigned ressize); > int complete_get_nb_obj_list(cmdline_parse_token_hdr_t *tk); > int complete_get_elt_obj_list(cmdline_parse_token_hdr_t *tk, int idx, > char *dstbuf, unsigned int size); > diff --git a/examples/vhost_xen/xenstore_parse.c b/examples/vhost_xen/xenstore_parse.c > index fdd69b2..9441639 100644 > --- a/examples/vhost_xen/xenstore_parse.c > +++ b/examples/vhost_xen/xenstore_parse.c > @@ -77,7 +77,7 @@ struct grant_node_item { > } __attribute__((packed)); > > int cmdline_parse_etheraddr(void *tk, const char *srcbuf, > - void *res); > + void *res, unsigned ressize); > > /* Map grant ref refid at addr_ori*/ > static void * 
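Review bot: The hand-written prototype `int cmdline_parse_etheraddr(void *tk, const char *srcbuf, void *res, unsigned ressize);` in xenstore_parse.c has to be edited by hand every time the library signature changes, and the compiler cannot catch a mismatch because the real declaration is not in scope. Had this copy been missed, the call in xen_parse_etheraddr() would still have compiled with three arguments and the parser would have read an indeterminate ressize, silently defeating the new bounds check. If the example's build allows it, including cmdline_parse_etheraddr.h instead of redeclaring the function would turn any future signature change into a build error.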
> @@ -676,7 +676,8 @@ xen_parse_etheraddr(struct xen_vring *vring) > if ((buf = xen_read_node(path, &len)) == NULL) > goto out; > > - if (cmdline_parse_etheraddr(NULL, buf, &vring->addr) < 0) > + if (cmdline_parse_etheraddr(NULL, buf, &vring->addr, > + sizeof(vring->addr)) < 0) > goto out; > ret = 0; > out: > diff --git a/lib/librte_cmdline/cmdline_parse.c b/lib/librte_cmdline/cmdline_parse.c > index 940480d..dfc885c 100644 > --- a/lib/librte_cmdline/cmdline_parse.c > +++ b/lib/librte_cmdline/cmdline_parse.c > @@ -138,7 +138,7 @@ nb_common_chars(const char * s1, const char * s2) > */ > static int > match_inst(cmdline_parse_inst_t *inst, const char *buf, > - unsigned int nb_match_token, void * result_buf) > + unsigned int nb_match_token, void *resbuf, unsigned resbuf_size) > { > unsigned int token_num=0; > cmdline_parse_token_hdr_t * token_p; > @@ -162,12 +162,23 @@ match_inst(cmdline_parse_inst_t *inst, const char *buf, > if ( isendofline(*buf) || iscomment(*buf) ) > break; > > - if (result_buf) > - n = token_hdr.ops->parse(token_p, buf, > - (char *)result_buf + > - token_hdr.offset); > - else > - n = token_hdr.ops->parse(token_p, buf, NULL); > + if (resbuf == NULL) { > + n = token_hdr.ops->parse(token_p, buf, NULL, 0); > + } else { > + unsigned rb_sz; > + > + if (token_hdr.offset > resbuf_size) { > + printf("Parse error(%s:%d): Token offset(%u) " > + "exceeds maximum size(%u)\n", > + __FILE__, __LINE__, > + token_hdr.offset, resbuf_size); > + return -ENOBUFS; > + } > + rb_sz = resbuf_size - token_hdr.offset; > + > + n = token_hdr.ops->parse(token_p, buf, (char *)resbuf + > + token_hdr.offset, rb_sz); > + } > > if (n < 0) > break; > @@ -219,7 +230,7 @@ cmdline_parse(struct cmdline *cl, const char * buf) > unsigned int inst_num=0; > cmdline_parse_inst_t *inst; > const char *curbuf; > - char result_buf[BUFSIZ]; > + char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE]; > void (*f)(void *, struct cmdline *, void *) = NULL; > void *data = NULL; > int comment = 0; 
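Review bot: The guard `if (token_hdr.offset > resbuf_size)` in match_inst() lets an offset equal to resbuf_size through, which hands the parse callback a pointer one past the end of the result buffer with rb_sz 0. The built-in parsers touched by this patch reject that through their own `ressize < sizeof(...)` checks, but a token ops implementation that ignores the new argument would still write out of bounds, so `if (token_hdr.offset >= resbuf_size)` is the safer comparison. The `return -ENOBUFS;` is also a new negative return value for match_inst(); the callers visible in this patch only test `tok > 0`, `!tok` or non-zero, so it is worth confirming that cmdline_parse() reports this case sensibly and that <errno.h> is included, neither of which is visible here. The function continues outside the hunk.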
> @@ -280,7 +291,7 @@ cmdline_parse(struct cmdline *cl, const char * buf) > debug_printf("INST %d\n", inst_num); > > /* fully parsed */ > - tok = match_inst(inst, buf, 0, result_buf); > + tok = match_inst(inst, buf, 0, result_buf, sizeof(result_buf)); > > if (tok > 0) /* we matched at least one token */ > err = CMDLINE_PARSE_BAD_ARGS; > @@ -377,10 +388,10 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state, > inst = ctx[inst_num]; > while (inst) { > /* parse the first tokens of the inst */ > - if (nb_token && match_inst(inst, buf, nb_token, NULL)) > + if (nb_token && match_inst(inst, buf, nb_token, NULL, 0)) > goto next; > > - debug_printf("instruction match \n"); > + debug_printf("instruction match\n"); > token_p = inst->tokens[nb_token]; > if (token_p) > memcpy(&token_hdr, token_p, sizeof(token_hdr)); > @@ -471,7 +482,7 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state, > /* we need to redo it */ > inst = ctx[inst_num]; > > - if (nb_token && match_inst(inst, buf, nb_token, NULL)) > + if (nb_token && match_inst(inst, buf, nb_token, NULL, 0)) > goto next2; > > token_p = inst->tokens[nb_token]; > diff --git a/lib/librte_cmdline/cmdline_parse.h b/lib/librte_cmdline/cmdline_parse.h > index f18836d..4b25c45 100644 > --- a/lib/librte_cmdline/cmdline_parse.h > +++ b/lib/librte_cmdline/cmdline_parse.h > @@ -80,6 +80,9 @@ extern "C" { > #define CMDLINE_PARSE_COMPLETE_AGAIN 1 > #define CMDLINE_PARSE_COMPLETED_BUFFER 2 > > +/* maximum buffer size for parsed result */ > +#define CMDLINE_PARSE_RESULT_BUFSIZE 8192 > + > /** > * Stores a pointer to the ops struct, and the offset: the place to > * write the parsed result in the destination structure. 
> @@ -110,12 +113,14 @@ typedef struct cmdline_token_hdr cmdline_parse_token_hdr_t; > * -1 on error and 0 on success. > */ > struct cmdline_token_ops { > - /** parse(token ptr, buf, res pts) */ > - int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *); > + /** parse(token ptr, buf, res pts, buf len) */ > + int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *, > + unsigned int); > /** return the num of possible choices for this token */ > int (*complete_get_nb)(cmdline_parse_token_hdr_t *); > /** return the elt x for this token (token, idx, dstbuf, size) */ > - int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *, unsigned int); > + int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *, > + unsigned int); > /** get help for this token (token, dstbuf, size) */ > int (*get_help)(cmdline_parse_token_hdr_t *, char *, unsigned int); > }; > diff --git a/lib/librte_cmdline/cmdline_parse_etheraddr.c b/lib/librte_cmdline/cmdline_parse_etheraddr.c > index 5285c40..64ae86c 100644 > --- a/lib/librte_cmdline/cmdline_parse_etheraddr.c > +++ b/lib/librte_cmdline/cmdline_parse_etheraddr.c > @@ -137,12 +137,15 @@ my_ether_aton(const char *a) > > int > cmdline_parse_etheraddr(__attribute__((unused)) cmdline_parse_token_hdr_t *tk, > - const char *buf, void *res) > + const char *buf, void *res, unsigned ressize) > { > unsigned int token_len = 0; > char ether_str[ETHER_ADDRSTRLENLONG+1]; > struct ether_addr *tmp; > > + if (res && ressize < sizeof(struct ether_addr)) > + return -1; > + > if (!buf || ! *buf) > return -1; > > diff --git a/lib/librte_cmdline/cmdline_parse_etheraddr.h b/lib/librte_cmdline/cmdline_parse_etheraddr.h > index 4427e40..0085bb3 100644 > --- a/lib/librte_cmdline/cmdline_parse_etheraddr.h > +++ b/lib/librte_cmdline/cmdline_parse_etheraddr.h 
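Review bot: The updated comment `/** parse(token ptr, buf, res pts, buf len) */` describes the new argument as "buf len", which reads as the length of the input string, whereas match_inst() passes the space remaining in the result buffer. Wording such as `/** parse(token ptr, buf, res ptr, res size): must not write more than res size bytes to res */` would state the contract that implementers of custom token ops have to follow. Because the callback signature itself changes, any parse implementation outside the files listed in this patch will need the extra parameter and its own size check, which the header comment is the natural place to say.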
> @@ -73,9 +73,9 @@ typedef struct cmdline_token_etheraddr cmdline_parse_token_etheraddr_t; > extern struct cmdline_token_ops cmdline_token_etheraddr_ops; > > int cmdline_parse_etheraddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf, > - void *res); > + void *res, unsigned ressize); > int cmdline_get_help_etheraddr(cmdline_parse_token_hdr_t *tk, char *dstbuf, > - unsigned int size); > + unsigned int size); > > #define TOKEN_ETHERADDR_INITIALIZER(structure, field) \ > { \ > diff --git a/lib/librte_cmdline/cmdline_parse_ipaddr.c b/lib/librte_cmdline/cmdline_parse_ipaddr.c > index ac83514..7f33599 100644 > --- a/lib/librte_cmdline/cmdline_parse_ipaddr.c > +++ b/lib/librte_cmdline/cmdline_parse_ipaddr.c > @@ -306,7 +306,8 @@ inet_pton6(const char *src, unsigned char *dst) > } > > int > -cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res) > +cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res, > + unsigned ressize) > { > struct cmdline_token_ipaddr *tk2; > unsigned int token_len = 0; > @@ -315,6 +316,9 @@ cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res) > char *prefix, *prefix_end; > long prefixlen = 0; > > + if (res && ressize < sizeof(cmdline_ipaddr_t)) > + return -1; > + > if (!buf || !tk || ! *buf) > return -1; > > diff --git a/lib/librte_cmdline/cmdline_parse_ipaddr.h b/lib/librte_cmdline/cmdline_parse_ipaddr.h > index 0e2f490..296c374 100644 > --- a/lib/librte_cmdline/cmdline_parse_ipaddr.h > +++ b/lib/librte_cmdline/cmdline_parse_ipaddr.h 
> @@ -92,9 +92,9 @@ typedef struct cmdline_token_ipaddr cmdline_parse_token_ipaddr_t; > extern struct cmdline_token_ops cmdline_token_ipaddr_ops; > > int cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf, > - void *res); > + void *res, unsigned ressize); > int cmdline_get_help_ipaddr(cmdline_parse_token_hdr_t *tk, char *dstbuf, > - unsigned int size); > + unsigned int size); > > #define TOKEN_IPADDR_INITIALIZER(structure, field) \ > { \ > diff --git a/lib/librte_cmdline/cmdline_parse_num.c b/lib/librte_cmdline/cmdline_parse_num.c > index 0b9e4d0..1cf53d9 100644 > --- a/lib/librte_cmdline/cmdline_parse_num.c > +++ b/lib/librte_cmdline/cmdline_parse_num.c > @@ -119,10 +119,40 @@ add_to_res(unsigned int c, uint64_t *res, unsigned int base) > return 0; > } > > +static int > +check_res_size(struct cmdline_token_num_data *nd, unsigned ressize) > +{ > + switch (nd->type) { > + case INT8: > + case UINT8: > + if (ressize < sizeof(int8_t)) > + return -1; > + break; > + case INT16: > + case UINT16: > + if (ressize < sizeof(int16_t)) > + return -1; > + break; > + case INT32: > + case UINT32: > + if (ressize < sizeof(int32_t)) > + return -1; > + break; > + case INT64: > + case UINT64: > + if (ressize < sizeof(int64_t)) > + return -1; > + break; > + default: > + return -1; > + } > + return 0; > +} > > /* parse an int */ > int > -cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res) > +cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res, > + unsigned ressize) > { > struct cmdline_token_num_data nd; > enum num_parse_state_t st = START; 
> @@ -141,6 +171,12 @@ cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res) > > memcpy(&nd, &((struct cmdline_token_num *)tk)->num_data, sizeof(nd)); > > + /* check that we have enough room in res */ > + if (res) { > + if (check_res_size(&nd, ressize) < 0) > + return -1; > + } > + > while ( st != ERROR && c && ! cmdline_isendoftoken(c) ) { > debug_printf("%c %x -> ", c, c); > switch (st) { > diff --git a/lib/librte_cmdline/cmdline_parse_num.h b/lib/librte_cmdline/cmdline_parse_num.h > index 77f2f9b..5376806 100644 > --- a/lib/librte_cmdline/cmdline_parse_num.h > +++ b/lib/librte_cmdline/cmdline_parse_num.h > @@ -89,9 +89,9 @@ typedef struct cmdline_token_num cmdline_parse_token_num_t; > extern struct cmdline_token_ops cmdline_token_num_ops; > > int cmdline_parse_num(cmdline_parse_token_hdr_t *tk, > - const char *srcbuf, void *res); > + const char *srcbuf, void *res, unsigned ressize); > int cmdline_get_help_num(cmdline_parse_token_hdr_t *tk, > - char *dstbuf, unsigned int size); > + char *dstbuf, unsigned int size); > > #define TOKEN_NUM_INITIALIZER(structure, field, numtype) \ > { \ > diff --git a/lib/librte_cmdline/cmdline_parse_portlist.c b/lib/librte_cmdline/cmdline_parse_portlist.c > index 7eac05c..834f2e6 100644 > --- a/lib/librte_cmdline/cmdline_parse_portlist.c > +++ b/lib/librte_cmdline/cmdline_parse_portlist.c > @@ -127,7 +127,7 @@ parse_ports(cmdline_portlist_t * pl, const char * str) > > int > cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk, > - const char *buf, void *res) > + const char *buf, void *res, unsigned ressize) > { > unsigned int token_len = 0; > char portlist_str[PORTLIST_TOKEN_SIZE+1]; > @@ -136,6 +136,9 @@ cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk, > if (!buf || ! *buf) > return (-1); > > + if (res && ressize < PORTLIST_TOKEN_SIZE) > + return -1; > + > pl = res; > > while (!cmdline_isendoftoken(buf[token_len]) && 
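Review bot: The new guard in cmdline_parse_portlist(), `if (res && ressize < PORTLIST_TOKEN_SIZE)`, compares against the macro that sizes the input string buffer (`char portlist_str[PORTLIST_TOKEN_SIZE+1]`), while the object written through res is a cmdline_portlist_t (`pl = res;`). The check should be `if (res && ressize < sizeof(cmdline_portlist_t))`. The macro's value is not visible here, but if it is larger than the struct, the calls in test_cmdline_portlist.c that pass `sizeof(result)` for a cmdline_portlist_t would be rejected, and if it is smaller the check would not protect the write. The function body continues outside the hunk.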
> diff --git a/lib/librte_cmdline/cmdline_parse_portlist.h b/lib/librte_cmdline/cmdline_parse_portlist.h > index 6fdc406..8505059 100644 > --- a/lib/librte_cmdline/cmdline_parse_portlist.h > +++ b/lib/librte_cmdline/cmdline_parse_portlist.h > @@ -81,9 +81,9 @@ typedef struct cmdline_token_portlist cmdline_parse_token_portlist_t; > extern struct cmdline_token_ops cmdline_token_portlist_ops; > > int cmdline_parse_portlist(cmdline_parse_token_hdr_t *tk, > - const char *srcbuf, void *res); > + const char *srcbuf, void *res, unsigned ressize); > int cmdline_get_help_portlist(cmdline_parse_token_hdr_t *tk, > - char *dstbuf, unsigned int size); > + char *dstbuf, unsigned int size); > > #define TOKEN_PORTLIST_INITIALIZER(structure, field) \ > { \ > diff --git a/lib/librte_cmdline/cmdline_parse_string.c b/lib/librte_cmdline/cmdline_parse_string.c > index b1bfe91..45883b3 100644 > --- a/lib/librte_cmdline/cmdline_parse_string.c > +++ b/lib/librte_cmdline/cmdline_parse_string.c > @@ -105,13 +105,17 @@ get_next_token(const char *s) > } > > int > -cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res) > +cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res, > + unsigned ressize) > { > struct cmdline_token_string *tk2; > struct cmdline_token_string_data *sd; > unsigned int token_len; > const char *str; > > + if (res && ressize < STR_TOKEN_SIZE) > + return -1; > + > if (!tk || !buf || ! *buf) > return -1; > > diff --git a/lib/librte_cmdline/cmdline_parse_string.h b/lib/librte_cmdline/cmdline_parse_string.h > index 52c916c..c205622 100644 > --- a/lib/librte_cmdline/cmdline_parse_string.h > +++ b/lib/librte_cmdline/cmdline_parse_string.h 
> @@ -83,7 +83,7 @@ typedef struct cmdline_token_string cmdline_parse_token_string_t; > extern struct cmdline_token_ops cmdline_token_string_ops; > > int cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *srcbuf, > - void *res); > + void *res, unsigned ressize); > int cmdline_complete_get_nb_string(cmdline_parse_token_hdr_t *tk); > int cmdline_complete_get_elt_string(cmdline_parse_token_hdr_t *tk, int idx, > char *dstbuf, unsigned int size); > diff --git a/lib/librte_pmd_bond/rte_eth_bond_args.c b/lib/librte_pmd_bond/rte_eth_bond_args.c > index 4114833..ca4de38 100644 > --- a/lib/librte_pmd_bond/rte_eth_bond_args.c > +++ b/lib/librte_pmd_bond/rte_eth_bond_args.c > @@ -254,7 +254,8 @@ bond_ethdev_parse_bond_mac_addr_kvarg(const char *key __rte_unused, > return -1; > > /* Parse MAC */ > - return cmdline_parse_etheraddr(NULL, value, extra_args); > + return cmdline_parse_etheraddr(NULL, value, extra_args, > + sizeof(struct ether_addr)); > } > > int > -- > 2.1.0 >
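Review bot: In bond_ethdev_parse_bond_mac_addr_kvarg() the ressize passed is `sizeof(struct ether_addr)`, which is the size the parser requires rather than the size of whatever extra_args points to, so the new check in cmdline_parse_etheraddr() can never fail at this call site. That is hard to avoid if extra_args is an untyped pointer (its declaration is outside the hunk), but it means the bound is asserted, not measured. A comment above the call such as `/* extra_args must point to a struct ether_addr; its size cannot be checked here */` would record the assumption the kvargs caller has to satisfy.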