patches for DPDK stable branches
From: Kevin Traynor <ktraynor@redhat.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: Bruce Richardson <bruce.richardson@intel.com>,
	dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'cfgfile: fix stack buffer underflow' has been queued to LTS release 18.11.10
Date: Thu, 20 Aug 2020 16:33:10 +0100
Message-ID: <20200820153341.171927-5-ktraynor@redhat.com>
In-Reply-To: <20200820153341.171927-1-ktraynor@redhat.com>

Hi,

FYI, your patch has been queued to LTS release 18.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/25/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/f567b9af5186940a95fd9ed8cd19ca6525708229

Thanks.

Kevin.

---
From f567b9af5186940a95fd9ed8cd19ca6525708229 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Wed, 1 Jul 2020 20:05:58 -0700
Subject: [PATCH] cfgfile: fix stack buffer underflow

[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]

If cfgfile is given a line with a comment character at the start
of the line, it will dereference outside of the buffer.

Detected with address sanitizer:

SUMMARY: AddressSanitizer: stack-buffer-underflow
lib/librte_cfgfile/rte_cfgfile.c:194 in rte_cfgfile_load_with_params
Shadow bytes around the buggy address:
  0x200fff79f6a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x200fff79f6f0: 00 00 00 00 f1 f1 f1[f1]00 00 00 00 00 00 00 00
  0x200fff79f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f720: 04 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x200fff79f730: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
  0x200fff79f740: f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2189==ABORTING

Fixes: a6a47ac9c2c9 ("cfgfile: rework load function")

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Bruce Richardson <bruce.richardson@intel.com>
---
 lib/librte_cfgfile/rte_cfgfile.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 6142696341..3b0ce68b19 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -186,5 +186,6 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
 		/* skip parsing if comment character found */
 		pos = memchr(buffer, params->comment_character, len);
-		if (pos != NULL && (*(pos-1) != '\\')) {
+		if (pos != NULL &&
+		    (pos == buffer || *(pos-1) != '\\')) {
 			*pos = '\0';
 			len = pos -  buffer;
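
Review bot: in the condition on `pos`, only the first match returned by `memchr()` is examined, so when that first comment character is escaped with a backslash, an unescaped comment character later on the same line is never looked for, as far as these lines show; continuing the search from `pos + 1` would cover that case. The `pos == buffer` test is ordered before `*(pos-1)`, which is what keeps the read inside the buffer, and a unit test with a line that begins with the comment character would keep it from regressing.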
-- 
2.26.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2020-08-20 16:26:16.079025498 +0100
+++ 0005-cfgfile-fix-stack-buffer-underflow.patch	2020-08-20 16:26:15.756323707 +0100
@@ -1 +1 @@
-From 041a3971c8f47f7850586c601b7002652dc9327c Mon Sep 17 00:00:00 2001
+From f567b9af5186940a95fd9ed8cd19ca6525708229 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]
+
@@ -47 +48,0 @@
-Cc: stable@dpdk.org
@@ -56 +57 @@
-index f132e40563..002022263e 100644
+index 6142696341..3b0ce68b19 100644
@@ -59 +60 @@
-@@ -192,5 +192,6 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
+@@ -186,5 +186,6 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
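
The comment-stripping check from the commit message above, as an added stand-alone example that is not DPDK code and not part of the patch; it goes beyond the patch by continuing the search past an escaped match. The names `strip_comment` and `stripped_len`, the `;` comment character and the sample lines are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (hypothetical helper, not DPDK code): cut a line at the
 * first unescaped comment character and return the new length.
 */
static size_t strip_comment(char *buffer, size_t len, char comment_character)
{
	char *pos = memchr(buffer, comment_character, len);

	while (pos != NULL) {
		/* pos == buffer must be tested first: when the match is the
		 * first byte there is no byte at pos[-1] inside the buffer. */
		if (pos == buffer || *(pos - 1) != '\\') {
			*pos = '\0';
			return (size_t)(pos - buffer);
		}
		/* Escaped match: keep searching the rest of the line. */
		size_t rest = len - (size_t)(pos + 1 - buffer);
		pos = memchr(pos + 1, comment_character, rest);
	}
	return len; /* no unescaped comment character on this line */
}

/* Copy a constant line into a stack buffer, as a line reader would. */
static size_t stripped_len(const char *line)
{
	char buffer[256];
	size_t len = strlen(line);

	if (len >= sizeof(buffer))
		return (size_t)-1;
	memcpy(buffer, line, len + 1);
	return strip_comment(buffer, len, ';'); /* ';' is an assumed default */
}

int main(void)
{
	/* Constructed sample lines. */
	const char *lines[] = { ";whole line", "key=val ;note", "p\\;q ;note" };

	for (size_t i = 0; i < 3; i++)
		printf("%-16s -> %zu\n", lines[i], stripped_len(lines[i]));
	return 0;
}
```

Building this with `-fsanitize=address` and removing the `pos == buffer` test makes the first sample line read one byte before `buffer`, which is the condition the report in the commit message describes.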

