From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CE5D1432FF; Sat, 11 Nov 2023 08:14:20 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3B19940281; Sat, 11 Nov 2023 08:14:20 +0100 (CET) Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2068.outbound.protection.outlook.com [40.107.223.68]) by mails.dpdk.org (Postfix) with ESMTP id A2B194003C; Sat, 11 Nov 2023 08:14:18 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zzt11yATmRjtPwXRbbY70cPJTLYnIdTGbupn/AxgxvCyEVG297rvkl2NqiorkJZhZ0PGGRdyi+y2AbCgnrJt3SqvGcfICae11BqOAQOJqF0iZny1qqkpQqmyAdKhLloVFVEhlofaJCZkqS9GzSJbyyDzOogIPA5CI4OsyTVIJ5RTHfmKeBvpl7nZ23Mvu2MKDO1k37rQTgTkk6favfJTaiXb1NGkVsyFXF8JdfPjzBGr9DV7xRiw7lYn1aYDQcn6dkogNIb8QNs52x8XAY45YfkawBwJ6M66diMNKzSB+acj74MBtqoZemTGEgZ+DGbaH7ZxIIuCsMZij8d/C+Y8PA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=THiTKli3qC7Kd+XG3vY2U2sC6Tqy75Kzqyg1qBnzfyM=; b=LLNtdpymVyicFsjThUf7EYYeoxL8D1duNpYwYd4/71FKHZXohy9iZqulqLrjg7QYl0+w7OUiJJjMqAmBVUrMdvfHtcnF8cstfFzHMVVJnEUBryfTM29LnGck+9emHwed5RG3GBzPjWkXDs+oXi+kvjQa39tlk059wQWXEBSOA6Htp0lq3NhAMena44puAyFHjXttkrKueFvfzx9ZtP8X12lRYH7eXd97FH9pcfz6ffMA5TpaE/enZUV1HvJgQhxcK+vt3gDNC8F2KsIr9/AmXUZJMw98EA7lb1uqD9L7bQAdOXNEGIICsu6vwTXYwuYVp3iBjjYsc76wjvakyJieTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=THiTKli3qC7Kd+XG3vY2U2sC6Tqy75Kzqyg1qBnzfyM=; b=nnQwspnKh0xotREObszhV4t6gofa3/Ct7qNCUBDVFZlAL5VBAc+/YWcdb7mwn5JHSnft5JsxmITbw49WnoRbwyXMd1oLsn9MmZfd73q+OOmN+N343lT66wrf8MlBABpuUlm15sohmTURD6ik4TL7eUNDiwJ2lSwda10X1X8JIDiKYfyTfOul8riW3m8x4rdTUxthN1CLrSdUzJBuROXuLoG0MJNGYjKPL22+kkRJws+yM2ts/U/c2vzq/G1JFJBx59P2im+tGybHLq7WLMWo3OiCEeWLemF3DBMOmuYj7BFYN8A/xXlGhPqMRAGYu4S6lxEKjR7rGH9ti8cCZsYIjg== Received: from BL0PR1501CA0004.namprd15.prod.outlook.com (2603:10b6:207:17::17) by DM6PR12MB4893.namprd12.prod.outlook.com (2603:10b6:5:1bd::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6977.21; Sat, 11 Nov 2023 07:14:16 +0000 Received: from BL6PEPF0001AB71.namprd02.prod.outlook.com (2603:10b6:207:17:cafe::ca) by BL0PR1501CA0004.outlook.office365.com (2603:10b6:207:17::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6977.19 via Frontend Transport; Sat, 11 Nov 2023 07:14:15 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by BL6PEPF0001AB71.mail.protection.outlook.com (10.167.242.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6977.16 via Frontend Transport; Sat, 11 Nov 2023 07:14:15 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Fri, 10 Nov 2023 23:14:05 -0800 Received: from nvidia.com (10.126.230.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.41; Fri, 10 Nov 2023 23:14:02 -0800 From: Gregory Etelson To: CC: , , , , Ori Kam , Aman Singh , Yuying Zhang , "Olga Shern" , Adrien Mazarguil Subject: [PATCH] app/testpmd: add size validation to token parsers Date: Sat, 11 Nov 2023 09:13:47 +0200 Message-ID: <20231111071347.71824-1-getelson@nvidia.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.230.35] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB71:EE_|DM6PR12MB4893:EE_ X-MS-Office365-Filtering-Correlation-Id: 4835a24c-03a9-4853-f4b8-08dbe285d06f X-LD-Processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 6UCHWgx/r7kCb8OISSAY60Gf8sjjLnwgDe6ZyoRt1+LLeBJXKQ4HQXstGmi9+2vf+z5/FZ3rkxXJIEMRKJs14RhydIiHx7vjunJULyxSgjY/EAXAqr9S9WzdNhEfOINC5SLV6XaFoEd3DAgo4jOqbLD5KCblJ1D9VWa2hl8W9WAmYXsa6jwEzsv5ECYTLYEC4LhrYyJkTK3G79YkY6FAbfeU38SpxbY9/jGHne2D0q59PqR8vNHX6zy1c/DAyQTe5TJxVImosnDi2xAEtRvzkiRyTsIumjFN6b8Ek0Eem9zeyUGIEY6t+RaWGgtWAJRlYU3fFQhc4BO61Lxvy7D1LJnWiaR1h7bvdRlYJjwoFj4/opFF6NT+lMNDc1a//TdDUHTDetnYy1llqSe+S8IU0Vb4llm9Mv4gL5m5+BOgMLMLPWA3/53/3G8am7NLOqjU+pidAHzmM4xPZ1KADn4wl7m8QNPY9GcO7aSQpZmh2G4NGksRkDsISvH3ysICzJ0WBl64UaeKIDJFiZ0mrjTYvwFnmn0SGIm4/UDEBcvt2vf2S/9BAXONDRGbnxVAE8fI5KUt1Wp/jgg5XolwOh68DdiiGkab5pZaIC70HeQM208Go3BG/ufUQsh3kQ4Eb8ovt7UN6BiyrjG2qzplDpnH4h1kYnbdVE6isXTf+vON3AAWeuFlDp2cF2ze1n1tA0SUd797PrNBYUyHBqA37Mc8YT+iTR84UwrJh+0fm3InshBWXlmmAkSIHrtJq0Bv4SPoDud2aR4YC+dhCt43pGYqyA== X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230031)(4636009)(39860400002)(136003)(396003)(376002)(346002)(230922051799003)(186009)(451199024)(64100799003)(82310400011)(1800799009)(40470700004)(46966006)(36840700001)(336012)(426003)(40460700003)(41300700001)(6666004)(2906002)(36860700001)(47076005)(82740400003)(478600001)(356005)(7636003)(6916009)(316002)(54906003)(36756003)(86362001)(70206006)(70586007)(8936002)(4326008)(8676002)(5660300002)(7696005)(2616005)(26005)(55016003)(40480700001)(6286002)(16526019)(1076003)(309714004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2023 07:14:15.6551 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4835a24c-03a9-4853-f4b8-08dbe285d06f X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB71.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4893 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org parse_prefix(), parse_int(), parse_mac_addr(), parse_ipv4_addr() and parse_ipv6_addr() unconditionally overwrite the `size` parameter with token size. The `size` parameter references a buffer where the parser functions will store their result. If the `size` value was less than token size, parser will corrupt memory outsite of target buffer. The patch adds sizes validation. Fixes: d3f61b7bad20 ("app/testpmd: add flow item spec prefix length") Fixes: 8a03ab58cc0a ("app/testpmd: support flow integer") Fixes: 6df81b325fa4 ("app/testpmd: add items eth/vlan to flow command") Fixes: ef6e38550f07 ("app/testpmd: add items ipv4/ipv6 to flow command") Cc: stable@dpdk.org Signed-off-by: Gregory Etelson --- app/test-pmd/cmdline_flow.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c index ce71818705..87541d2c46 100644 --- a/app/test-pmd/cmdline_flow.c +++ b/app/test-pmd/cmdline_flow.c @@ -7715,6 +7715,8 @@ parse_prefix(struct context *ctx, const struct token *token, } bytes = u / 8; extra = u % 8; + if (size < arg->size) + goto error; size = arg->size; if (bytes > size || bytes + !!extra > size) goto error; @@ -10806,6 +10808,8 @@ parse_int(struct context *ctx, const struct token *token, return len; } buf = (uint8_t *)ctx->object + arg->offset; + if (size < arg->size) + goto error; size = arg->size; if (u > RTE_LEN2MASK(size * CHAR_BIT, uint64_t)) return -1; @@ -11093,6 +11097,8 @@ parse_mac_addr(struct context *ctx, const struct token *token, /* Argument is expected. */ if (!arg) return -1; + if (size < arg->size) + goto error; size = arg->size; /* Bit-mask fill is not supported. */ if (arg->mask || size != sizeof(tmp)) @@ -11134,6 +11140,8 @@ parse_ipv4_addr(struct context *ctx, const struct token *token, /* Argument is expected. */ if (!arg) return -1; + if (size < arg->size) + goto error; size = arg->size; /* Bit-mask fill is not supported. */ if (arg->mask || size != sizeof(tmp)) @@ -11181,6 +11189,8 @@ parse_ipv6_addr(struct context *ctx, const struct token *token, /* Argument is expected. */ if (!arg) return -1; + if (size < arg->size) + goto error; size = arg->size; /* Bit-mask fill is not supported. */ if (arg->mask || size != sizeof(tmp)) -- 2.39.2