From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yliu@fridaylinux.org>
Received: from mail-pf0-f171.google.com (mail-pf0-f171.google.com
 [209.85.192.171]) by dpdk.org (Postfix) with ESMTP id 092963230
 for <stable@dpdk.org>; Wed, 27 Sep 2017 11:25:26 +0200 (CEST)
Received: by mail-pf0-f171.google.com with SMTP id n24so6971066pfk.5
 for <stable@dpdk.org>; Wed, 27 Sep 2017 02:25:25 -0700 (PDT)
X-Received: by 10.98.198.70 with SMTP id m67mr736301pfg.237.1506504325273;
 Wed, 27 Sep 2017 02:25:25 -0700 (PDT)
Received: from yliu-home ([45.63.61.64])
 by smtp.gmail.com with ESMTPSA id k25sm17617105pgf.13.2017.09.27.02.25.22
 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Wed, 27 Sep 2017 02:25:24 -0700 (PDT)
Date: Wed, 27 Sep 2017 17:25:17 +0800
From: Yuanhan Liu <yliu@fridaylinux.org>
To: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Cc: dev@dpdk.org, jianfeng.tan@intel.com, stable@dpdk.org
Message-ID: <20170927092517.GI2251@yliu-home>
References: <20170920132556.5310-1-danielx.t.mrzyglod@intel.com>
 <20170922152149.16876-1-danielx.t.mrzyglod@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170922152149.16876-1-danielx.t.mrzyglod@intel.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Subject: Re: [dpdk-stable] [PATCH v3] net/virtio: fix of untrusted scalar
	value
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Sep 2017 09:25:26 -0000

On Fri, Sep 22, 2017 at 05:21:49PM +0200, Daniel Mrzyglod wrote:
> The unscrutinized value may be incorrectly assumed to be within a certain
> range by later operations.
> 
> In vhost_user_read: An unscrutinized value from an untrusted source used
> in a trusted context - the value of sz_payload may be harmful and we need
> to limit it to the max value of payload.
> 
> Coverity issue: 139601
> 
> Fixes: 6a84c37e3975 ("net/virtio-user: add vhost-user adapter layer")
> Cc: jianfeng.tan@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>

FYI, you should put the Ack from Jianfeng here, so that it will be
there when I apply your patch. Otherwise, I have to add it back manually.

But never mind, I have done it this time. So, applied to dpdk-next-virtio.

Thanks.

	--yliu

> ---
> v3:
> * there was a wrong v2 email address for the stable dpdk mailing list
> * fix compilation errors
> 
> v2:
> * Add Cc for stable in gitlog message
> * Add Coverity line
> * v1 was acked by Acked-by: Jianfeng Tan <jianfeng.tan@intel.com>
> 
> 
>  drivers/net/virtio/virtio_user/vhost_user.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/drivers/net/virtio/virtio_user/vhost_user.c b/drivers/net/virtio/virtio_user/vhost_user.c
> index 4ad7b21..97bd832 100644
> --- a/drivers/net/virtio/virtio_user/vhost_user.c
> +++ b/drivers/net/virtio/virtio_user/vhost_user.c
> @@ -130,6 +130,10 @@ vhost_user_read(int fd, struct vhost_user_msg *msg)
>  	}
>  
>  	sz_payload = msg->size;
> +
> +	if ((size_t)sz_payload > sizeof(msg->payload))
> +		goto fail;
> +
>  	if (sz_payload) {
>  		ret = recv(fd, (void *)((char *)msg + sz_hdr), sz_payload, 0);
>  		if (ret < sz_payload) {
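
Review bot: the new check `if ((size_t)sz_payload > sizeof(msg->payload))` jumps straight to `goto fail` without logging, so nothing in this hunk records that the peer sent an oversized `msg->size`; a log line before the jump giving the received size and the limit would make the rejection diagnosable. The bound is also only sufficient if `payload` begins exactly `sz_hdr` bytes into `struct vhost_user_msg`, because the recv() that follows writes at `(char *)msg + sz_hdr`; that layout is not visible in these lines, so a short comment or a build-time assertion tying `sz_hdr` to the offset of `payload` would document the assumption. If `sz_payload` is a signed type, as the `(size_t)` cast suggests, the cast is what turns a negative size into a rejected one, which deserves a one-line comment.
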
> -- 
> 2.7.4