From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id BE710A04B7; Tue, 13 Oct 2020 15:11:38 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9CF2B1DB38; Tue, 13 Oct 2020 15:11:37 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 1C0061DB36; Tue, 13 Oct 2020 15:11:34 +0200 (CEST) IronPort-SDR: 3IvxY0H0xFbxWmr5273CKuE32wKN/ixgAi+Meulrz9L3e0IpoCl0D9syFIr5TAItDLnTvH5Epm 2oT7ftSVE4Eg== X-IronPort-AV: E=McAfee;i="6000,8403,9772"; a="230083872" X-IronPort-AV: E=Sophos;i="5.77,370,1596524400"; d="scan'208";a="230083872" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Oct 2020 06:11:31 -0700 IronPort-SDR: 3xTEC2PfInqZQxEAUuhkAiiXb8s+H5xa/O/52Mgc8VZJCneJzkovUYC4QrtPiLygKl8L/ykHr7 /9GlMMjl5FOQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,370,1596524400"; d="scan'208";a="519975682" Received: from silpixa00399838.ir.intel.com ([10.237.213.224]) by fmsmga006.fm.intel.com with ESMTP; 13 Oct 2020 06:11:29 -0700 From: Kevin Laatz To: dev@dpdk.org Cc: ferruh.yigit@intel.com, bruce.richardson@intel.com, stephen@networkplumber.org, Kevin Laatz , stable@dpdk.org Date: Tue, 13 Oct 2020 14:07:04 +0100 Message-Id: <20201013130704.1186595-1-kevin.laatz@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201001170902.487111-1-kevin.laatz@intel.com> References: <20201001170902.487111-1-kevin.laatz@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v3] net/ring: fix unchecked return value X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add a check for the return value of the sscanf call in parse_internal_args(), returning an error if we don't get the expected result. Coverity issue: 362049 Fixes: 96cb19521147 ("net/ring: use EAL APIs in PMD specific API") Cc: stable@dpdk.org Signed-off-by: Kevin Laatz --- v2: added consumed characters count check v3: add more improved checks --- drivers/net/ring/rte_eth_ring.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/net/ring/rte_eth_ring.c b/drivers/net/ring/rte_eth_ring.c index 40fe1ca4ba..41692305e7 100644 --- a/drivers/net/ring/rte_eth_ring.c +++ b/drivers/net/ring/rte_eth_ring.c @@ -16,6 +16,7 @@ #define ETH_RING_ACTION_CREATE "CREATE" #define ETH_RING_ACTION_ATTACH "ATTACH" #define ETH_RING_INTERNAL_ARG "internal" +#define ETH_RING_INTERNAL_ARG_MAX_LEN 19 static const char *valid_arguments[] = { ETH_RING_NUMA_NODE_ACTION_ARG, @@ -538,8 +539,21 @@ parse_internal_args(const char *key __rte_unused, const char *value, { struct ring_internal_args **internal_args = data; void *args; + int ret, n; - sscanf(value, "%p", &args); + /* make sure 'value' is valid pointer length */ + if (strnlen(value, ETH_RING_INTERNAL_ARG_MAX_LEN) >= + ETH_RING_INTERNAL_ARG_MAX_LEN) { + PMD_LOG(ERR, "Error parsing internal args, 'value' too long"); + return -1; + } + + ret = sscanf(value, "%p%n", &args, &n); + if (ret == 0 || (size_t)n != strlen(value)) { + PMD_LOG(ERR, "Error parsing internal args"); + + return -1; + } *internal_args = args; -- 2.25.1