Re: [dpdk-dev] [RFC 3/3] app/testpmd: fix hex string parser in flow commands

Re: [dpdk-dev] [RFC 3/3] app/testpmd: fix hex string parser in flow commands

[Singh, Aman Deep]

Hi Ovsiienko,

Can you please provide the flow command which causes "segmentation fault".

Thanks
Aman

Re: [dpdk-dev] [RFC 3/3] app/testpmd: fix hex string parser in flow commands

[Slava Ovsiienko]

Hi, Aman

An example:

testpmd> flow create 0 ingress pattern eth / end actions rss key 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef queues 0 end / end

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5de366d in __memset_sse2 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install elfutils-libelf-0.170-4.el7.x86_64 glibc-2.17-222.el7.x86_64 jansson-2.10-1.el7.x86_64 libnl3-3.2.28-4.el7.x86_64 numactl-libs-2.0.9-7.el7.x86_64 openssl-libs-1.0.2k-12.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb)

With best regards,
Slava

From: Singh, Aman Deep <aman.deep.singh@intel.com>
Sent: Wednesday, September 29, 2021 15:23
To: Slava Ovsiienko <viacheslavo@nvidia.com>
Cc: dev@dpdk.org; Ori Kam <orika@nvidia.com>; stable@dpdk.org
Subject: Re: [dpdk-dev] [RFC 3/3] app/testpmd: fix hex string parser in flow commands

Hi Ovsiienko,

Can you please provide the flow command which causes "segmentation fault".

Thanks
Aman

[dpdk-dev] [RFC 3/3] app/testpmd: fix hex string parser in flow commands

[Viacheslav Ovsiienko]

The hexadecimal string parser does not check the target
field buffer size, buffer overflow happens and might
cause the application failure (segmentation fault
is observed usually).

Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API")
Cc: stable@dpdk.org

Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
---
 app/test-pmd/cmdline_flow.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c
index 529ead6b2a..9e7fe1ae9f 100644
--- a/app/test-pmd/cmdline_flow.c
+++ b/app/test-pmd/cmdline_flow.c
@@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token,
 		hexlen -= 2;
 	}
 	if (hexlen > length)
-		return -1;
+		goto error;
 	ret = parse_hex_string(str, hex_tmp, &hexlen);
 	if (ret < 0)
 		goto error;
+	/* Check the converted binary fits into data buffer. */
+	if (hexlen > size)
+		goto error;
 	/* Let parse_int() fill length information first. */
 	ret = snprintf(tmp, sizeof(tmp), "%u", hexlen);
 	if (ret < 0)
-- 
2.18.1