From: luca.boccassi@gmail.com
To: Stephen Hemminger
Cc: Bruce Richardson, dpdk stable
Date: Fri, 24 Jul 2020 12:58:47 +0100
Message-Id: <20200724120030.1863487-89-luca.boccassi@gmail.com>
In-Reply-To: <20200724120030.1863487-1-luca.boccassi@gmail.com>
Subject: [dpdk-stable] patch 'cfgfile: fix stack buffer underflow' has been queued to stable release 19.11.4
List-Id: patches for DPDK stable branches

Hi,

FYI, your patch has been queued to stable release 19.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/26/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
From 3b710031029e919462866fc7fb2692b3bfa7c78d Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Wed, 1 Jul 2020 20:05:58 -0700
Subject: [PATCH] cfgfile: fix stack buffer underflow

[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]

If cfgfile is given a line with comment character at the start of the
line, it will dereference outside of the buffer.

Detected with address sanitizer:

SUMMARY: AddressSanitizer: stack-buffer-underflow lib/librte_cfgfile/rte_cfgfile.c:194 in rte_cfgfile_load_with_params
Shadow bytes around the buggy address:
  0x200fff79f6a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x200fff79f6f0: 00 00 00 00 f1 f1 f1[f1]00 00 00 00 00 00 00 00
  0x200fff79f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f720: 04 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x200fff79f730: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
  0x200fff79f740: f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2189==ABORTING

Fixes: a6a47ac9c2c9 ("cfgfile: rework load function")

Signed-off-by: Stephen Hemminger
Reviewed-by: Bruce Richardson
---
 lib/librte_cfgfile/rte_cfgfile.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c index 9049fd9c2..0c419d6ad 100644 --- a/lib/librte_cfgfile/rte_cfgfile.c +++ b/lib/librte_cfgfile/rte_cfgfile.c @@ -191,7 +191,8 @@ rte_cfgfile_load_with_params(const char *filename, int flags, } /* skip parsing if comment character found */ pos = memchr(buffer, params->comment_character, len); - if (pos != NULL && (*(pos-1) != '\\')) { + if (pos != NULL && + (pos == buffer || *(pos-1) != '\\')) { *pos = '\0'; len = pos - buffer; } -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-07-24 12:53:51.984248021 +0100 +++ 0089-cfgfile-fix-stack-buffer-underflow.patch 2020-07-24 12:53:48.315006981 +0100 @@ -1,8 +1,10 @@ -From 041a3971c8f47f7850586c601b7002652dc9327c Mon Sep 17 00:00:00 2001 +From 3b710031029e919462866fc7fb2692b3bfa7c78d Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 1 Jul 2020 20:05:58 -0700 Subject: [PATCH] cfgfile: fix stack buffer underflow +[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ] + If cfgfile is give a line with comment character at the start of the line, it will dereference outside of the buffer. @@ -44,7 +46,6 @@ ==2189==ABORTING Fixes: a6a47ac9c2c9 ("cfgfile: rework load function") -Cc: stable@dpdk.org Signed-off-by: Stephen Hemminger Reviewed-by: Bruce Richardson @@ -53,7 +54,7 @@ 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c -index f132e4056..002022263 100644 +index 9049fd9c2..0c419d6ad 100644 --- a/lib/librte_cfgfile/rte_cfgfile.c +++ b/lib/librte_cfgfile/rte_cfgfile.c @@ -191,7 +191,8 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
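Review bot: the fix in the rte_cfgfile.c hunk is correct but would benefit from a regression test that feeds a line with the comment character in column 0, since nothing in the change itself locks the behaviour in. The added `pos == buffer ||` is evaluated before `*(pos-1)`, so a column-0 comment character no longer reads the byte preceding the stack buffer, which is exactly the underflow ASan reported at rte_cfgfile.c:194. The comment above the check, `/* skip parsing if comment character found */`, still says nothing about the backslash escape; `/* skip parsing if an unescaped comment character is found */` would document the full condition. Note also that `memchr` returns only the first occurrence, so a line whose first comment character is escaped keeps everything after it, including any later unescaped comment character; that is pre-existing behaviour rather than something this change introduces.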
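Review bot: the applied-vs-upstream diff contains only metadata differences, so the rebase needs no further code verification. Its three hunks (`@@ -1,8 +1,10 @@`, `@@ -44,7 +46,6 @@` and `@@ -53,7 +54,7 @@`) change the commit id, add the `[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]` tag, drop the `Cc: stable@dpdk.org` trailer and update the blob index line from `f132e4056..002022263` to `9049fd9c2..0c419d6ad`; the code hunk at `@@ -191,7 +191,8 @@` is carried over unchanged.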
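As an added illustration of the condition the patch changes (not DPDK's own code and not part of this mail), the following stand-alone helper reimplements the comment-stripping check with the patched guard and exercises it on constructed lines covering the column-0, trailing and escaped cases; the function name and the sample lines are this example's own.

```c
#include <stddef.h>
#include <string.h>

/*
 * Comment stripping modelled on the condition the patch changes in
 * rte_cfgfile_load_with_params(): the first comment character ends the
 * line unless a backslash precedes it. Returns the new line length.
 * The "pos == buffer" test is what stops the escape check from reading
 * the byte before the buffer when the comment character is in column 0,
 * the stack-buffer-underflow that ASan reported. (Added example, not
 * DPDK's code.)
 */
static size_t strip_comment(char *buffer, size_t len, char comment_char)
{
    char *pos = memchr(buffer, comment_char, len);

    /* Without "pos == buffer", a column-0 match evaluates *(buffer - 1). */
    if (pos != NULL && (pos == buffer || *(pos - 1) != '\\')) {
        *pos = '\0';
        return (size_t)(pos - buffer);
    }
    return len;
}

/* Constructed sample lines: column-0 comment, trailing comment, and an
 * escaped comment character that must survive. Returns 1 if all pass. */
static int run_cases(void)
{
    char full[] = "# whole line is a comment";
    char trailing[] = "key=value   # trailing comment";
    char escaped[] = "pattern=a\\#b";

    if (strip_comment(full, strlen(full), '#') != 0 || full[0] != '\0')
        return 0;
    if (strip_comment(trailing, strlen(trailing), '#') != 12 ||
        strcmp(trailing, "key=value   ") != 0)
        return 0;
    if (strip_comment(escaped, strlen(escaped), '#') != 12 ||
        strcmp(escaped, "pattern=a\\#b") != 0)
        return 0;
    return 1;
}

int main(void)
{
    return run_cases() ? 0 : 1;
}
```

Building this with `-fsanitize=address` and removing the `pos == buffer ||` clause reproduces the stack-buffer-underflow report on the first sample line.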