[dpdk-stable] patch 'net/nfp: fix possible buffer overflow' has been queued to LTS release 18.11.2

[Kevin Traynor <ktraynor@redhat.com>]

Hi,

FYI, your patch has been queued to LTS release 18.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 04/24/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Kevin Traynor

---
From 458ede605fabc48f152db2df9d679e61fa5a2123 Mon Sep 17 00:00:00 2001
From: Pallantla Poornima <pallantlax.poornima@intel.com>
Date: Fri, 8 Mar 2019 10:28:05 +0000
Subject: [PATCH] net/nfp: fix possible buffer overflow

[ upstream commit 968e9c14f3fe51174e8cda7eb9148985f28f1bb3 ]

sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.

Fixes: 896c265ef954 ("net/nfp: use new CPP interface")
Fixes: c4171b520b3f ("net/nfp: support PF multiport")

Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Alejandro Lucero <alejandro.lucero@netronome.com>
Tested-by: Alejandro Lucero <alejandro.lucero@netronome.com>
---
 drivers/net/nfp/nfp_net.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c
index 2e3879176..99c9b46e8 100644
--- a/drivers/net/nfp/nfp_net.c
+++ b/drivers/net/nfp/nfp_net.c
@@ -2958,7 +2958,7 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port, int ports,
 
 	if (ports > 1)
-		sprintf(port_name, "%s_port%d", dev->device.name, port);
+		snprintf(port_name, 100, "%s_port%d", dev->device.name, port);
 	else
-		sprintf(port_name, "%s", dev->device.name);
+		strlcat(port_name, dev->device.name, 100);
 
 	eth_dev = rte_eth_dev_allocate(port_name);
@@ -3025,10 +3025,12 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
 
 	/* First try to find a firmware image specific for this device */
-	sprintf(serial, "serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x",
+	snprintf(serial, sizeof(serial),
+			"serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x",
 		cpp->serial[0], cpp->serial[1], cpp->serial[2], cpp->serial[3],
 		cpp->serial[4], cpp->serial[5], cpp->interface >> 8,
 		cpp->interface & 0xff);
 
-	sprintf(fw_name, "%s/%s.nffw", DEFAULT_FW_PATH, serial);
+	snprintf(fw_name, sizeof(fw_name), "%s/%s.nffw", DEFAULT_FW_PATH,
+			serial);
 
 	PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name);
@@ -3038,5 +3040,6 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
 
 	/* Then try the PCI name */
-	sprintf(fw_name, "%s/pci-%s.nffw", DEFAULT_FW_PATH, dev->device.name);
+	snprintf(fw_name, sizeof(fw_name), "%s/pci-%s.nffw", DEFAULT_FW_PATH,
+			dev->device.name);
 
 	PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name);
@@ -3046,5 +3049,5 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
 
 	/* Finally try the card type and media */
-	sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
+	snprintf(fw_name, sizeof(fw_name), "%s/%s", DEFAULT_FW_PATH, card);
 	PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name);
 	fw_f = open(fw_name, O_RDONLY);
@@ -3122,6 +3125,7 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp *cpp,
 	PMD_DRV_LOG(INFO, "Port speed: %u", nfp_eth_table->ports[0].speed);
 
-	sprintf(card_desc, "nic_%s_%dx%d.nffw", nfp_fw_model,
-		nfp_eth_table->count, nfp_eth_table->ports[0].speed / 1000);
+	snprintf(card_desc, sizeof(card_desc), "nic_%s_%dx%d.nffw",
+			nfp_fw_model, nfp_eth_table->count,
+			nfp_eth_table->ports[0].speed / 1000);
 
 	nsp = nfp_nsp_open(cpp);
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-04-16 15:34:26.704800549 +0100
+++ 0034-net-nfp-fix-possible-buffer-overflow.patch	2019-04-16 15:34:25.184179861 +0100
@@ -1,14 +1,15 @@
-From 968e9c14f3fe51174e8cda7eb9148985f28f1bb3 Mon Sep 17 00:00:00 2001
+From 458ede605fabc48f152db2df9d679e61fa5a2123 Mon Sep 17 00:00:00 2001
 From: Pallantla Poornima <pallantlax.poornima@intel.com>
 Date: Fri, 8 Mar 2019 10:28:05 +0000
 Subject: [PATCH] net/nfp: fix possible buffer overflow
 
+[ upstream commit 968e9c14f3fe51174e8cda7eb9148985f28f1bb3 ]
+
 sprintf function is not secure as it doesn't check the length of string.
 More secure function snprintf is used.
 
 Fixes: 896c265ef954 ("net/nfp: use new CPP interface")
 Fixes: c4171b520b3f ("net/nfp: support PF multiport")
-Cc: stable@dpdk.org
 
 Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
 Acked-by: Alejandro Lucero <alejandro.lucero@netronome.com>
@@ -18,10 +19,10 @@
  1 file changed, 12 insertions(+), 8 deletions(-)
 
 diff --git a/drivers/net/nfp/nfp_net.c b/drivers/net/nfp/nfp_net.c
-index fa7722a47..611a6ee35 100644
+index 2e3879176..99c9b46e8 100644
 --- a/drivers/net/nfp/nfp_net.c
 +++ b/drivers/net/nfp/nfp_net.c
-@@ -3322,7 +3322,7 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port, int ports,
+@@ -2958,7 +2958,7 @@ nfp_pf_create_dev(struct rte_pci_device *dev, int port, int ports,
  
  	if (ports > 1)
 -		sprintf(port_name, "%s_port%d", dev->device.name, port);
@@ -30,8 +31,8 @@
 -		sprintf(port_name, "%s", dev->device.name);
 +		strlcat(port_name, dev->device.name, 100);
  
- 
-@@ -3437,10 +3437,12 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
+ 	eth_dev = rte_eth_dev_allocate(port_name);
+@@ -3025,10 +3025,12 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
  
  	/* First try to find a firmware image specific for this device */
 -	sprintf(serial, "serial-%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x",
@@ -46,7 +47,7 @@
 +			serial);
  
  	PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name);
-@@ -3450,5 +3452,6 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
+@@ -3038,5 +3040,6 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
  
  	/* Then try the PCI name */
 -	sprintf(fw_name, "%s/pci-%s.nffw", DEFAULT_FW_PATH, dev->device.name);
@@ -54,14 +55,14 @@
 +			dev->device.name);
  
  	PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name);
-@@ -3458,5 +3461,5 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
+@@ -3046,5 +3049,5 @@ nfp_fw_upload(struct rte_pci_device *dev, struct nfp_nsp *nsp, char *card)
  
  	/* Finally try the card type and media */
 -	sprintf(fw_name, "%s/%s", DEFAULT_FW_PATH, card);
 +	snprintf(fw_name, sizeof(fw_name), "%s/%s", DEFAULT_FW_PATH, card);
  	PMD_DRV_LOG(DEBUG, "Trying with fw file: %s", fw_name);
  	fw_f = open(fw_name, O_RDONLY);
-@@ -3534,6 +3537,7 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp *cpp,
+@@ -3122,6 +3125,7 @@ nfp_fw_setup(struct rte_pci_device *dev, struct nfp_cpp *cpp,
  	PMD_DRV_LOG(INFO, "Port speed: %u", nfp_eth_table->ports[0].speed);
  
 -	sprintf(card_desc, "nic_%s_%dx%d.nffw", nfp_fw_model,