DPDK patches and discussions
 help / color / mirror / Atom feed
From: Thomas Monjalon <thomas.monjalon@6wind.com>
To: "Carew, Alan" <alan.carew@intel.com>
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of command result structure is greater than BUFSIZ
Date: Mon, 20 Oct 2014 22:25:03 +0200
Message-ID: <2678306.cvz6Un7zzm@xps13> (raw)
In-Reply-To: <0E29434AEE0C3A4180987AB476A6F6306D281C01@IRSMSX109.ger.corp.intel.com>

Hi Alan,

2014-10-20 15:26, Carew, Alan:
> A comment on my own patch.
> 
> Making the size of result_buf consistent across each OS and keeping it as large
> as the Linux BUFSIZ(8192) doesn't really address the core issue.
> 
> In the event that a user of librte_cmdline creates a custom context with a
> result structure > 8192 bytes then this problem will occur again, though 
> somewhat unlikely, as the minimum number of the largest type would be 64 x 
> cmdline_fixed_string_t types within a result structure, at its current size.
> 
> There is no checking of overflow, I would be tempted to add a runtime check in
> cmdline_parse()/match_inst(), however I would be more comfortable with a build
> time check for this type of problem.
> 
> Due to the opaque handling of user defined contexts there is no obvious way to
> do this at build time.
> 
> Thoughts?

librte_cmdline derivates from libcmdline written by Olivier Matz: 
	http://git.droids-corp.org/?p=libcmdline.git
Maybe there are some fixes to take here, and probably Olivier will have
some good insights.


> > -----Original Message-----
> > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Alan Carew
> > Sent: Monday, October 20, 2014 4:23 PM
> > To: dev@dpdk.org
> > Subject: [dpdk-dev] [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of
> > command result structure is greater than BUFSIZ
> > 
> > When using test-pmd with flow director in FreeBSD, the application will
> > segfault/Bus error while parsing the command-line. This is due to how
> > each commands result structure is represented during parsing, where the offsets
> > for each tokens value is stored in a character array(char result_buf[BUFSIZ])
> > in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c).
> > 
> > The overflow occurs where BUFSIZ is less than the size of a commands result
> > structure, in this case "struct cmd_pkt_filter_result"
> > (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as
> > opposed to 8192 bytes on Linux.
> > 
> > This patch removes the OS dependency on BUFSIZ and defines and uses a
> > library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192
> > 
> > The problem can be reproduced by running test-pmd on FreeBSD:
> > ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect
> > And adding a filter:
> > add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes
> > 0x800 vlan 0 queue 0 soft 0x17
> > 
> > Signed-off-by: Alan Carew <alan.carew@intel.com>
> > ---
> >  lib/librte_cmdline/cmdline_parse.c | 2 +-
> >  lib/librte_cmdline/cmdline_parse.h | 3 +++
> >  2 files changed, 4 insertions(+), 1 deletion(-)
[...]
> > --- a/lib/librte_cmdline/cmdline_parse.c
> > +++ b/lib/librte_cmdline/cmdline_parse.c
> > @@ -219,7 +219,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
> >  	unsigned int inst_num=0;
> >  	cmdline_parse_inst_t *inst;
> >  	const char *curbuf;
> > -	char result_buf[BUFSIZ];
> > +	char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];
[...]
> > --- a/lib/librte_cmdline/cmdline_parse.h
> > +++ b/lib/librte_cmdline/cmdline_parse.h
> > @@ -80,6 +80,9 @@ extern "C" {
> >  #define CMDLINE_PARSE_COMPLETE_AGAIN    1
> >  #define CMDLINE_PARSE_COMPLETED_BUFFER  2
> > 
> > +/* maximum buffer size for parsed result */
> > +#define CMDLINE_PARSE_RESULT_BUFSIZE 8192
> > +

  reply	other threads:[~2014-10-20 20:17 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-20 15:23 Alan Carew
2014-10-20 15:26 ` Carew, Alan
2014-10-20 20:25   ` Thomas Monjalon [this message]
2014-10-27  9:14   ` Olivier MATZ
2014-12-03 16:05     ` Olivier MATZ
2014-12-03 18:12       ` Thomas Monjalon
2014-12-04 14:01         ` Carew, Alan
2014-12-04 14:15           ` Olivier MATZ
2014-12-04 15:18           ` Thomas Monjalon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2678306.cvz6Un7zzm@xps13 \
    --to=thomas.monjalon@6wind.com \
    --cc=alan.carew@intel.com \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git