From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 83A72A04DD
	for <public@inbox.dpdk.org>; Wed, 28 Oct 2020 11:54:06 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 40F5BCA18;
	Wed, 28 Oct 2020 11:54:05 +0100 (CET)
Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com
 [209.85.128.46]) by dpdk.org (Postfix) with ESMTP id 1DF9CCA10
 for <stable@dpdk.org>; Wed, 28 Oct 2020 11:54:04 +0100 (CET)
Received: by mail-wm1-f46.google.com with SMTP id d3so4309109wma.4
 for <stable@dpdk.org>; Wed, 28 Oct 2020 03:54:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=Iud1m0NAljoMuv13POrUNCPjqyyR53YGCGAHjBZTxww=;
 b=nx+KCwCaJ+qRI8ICilDPWW2+cah1AsuqCdOIxuHdsx7G+p0zZKOz2wgtAU8Fm6/Fcz
 G9Xst1PgTQGZ6nmER8KQT5sZrUffkRZts5FjjiXXFjs3iq8YJrDXzYQ/tFt99jamtvWw
 RjS6UETaj4WBImB49liApKgKGip4zFn1XG9nukEirnRC27ofiQt7Za42EkJLZ1xzvPZ4
 wNGMRdSCDI/OlCbmYROF8lIgMCGxd/2ckiRef5LlLqerWAX0rwvKL4+QRqKdHZZ0ngSR
 OlZx875cpR7QZDBSCtTMhvS02e8+kKo2SWpb8STM4XC/O0zkedclJugjjmF2LKtwQGME
 p8KQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=Iud1m0NAljoMuv13POrUNCPjqyyR53YGCGAHjBZTxww=;
 b=pje8s3oW5wNwMv81jpRgg76t3nL8fYCe1xAq92H5FC/Rd3RKzZv14RlVqx8aTj3j6V
 fr7QwKYh5zdVBbiVmz9Yit3g7Gegye6e0Hl5oFqtV1zOaL4I6QcKzLp4h3FQpWv4rfF+
 p4XsPN32FuNujYRQTOShc5/kDQhB2R1n5CqaGiliLGPL7pNsoRSAYa06A1UZqqJvNPz8
 pqow9EZoG4O9BCXO1fvUBBPva+7qbe/qdJHfaQxqf/4lzSE+9/wOq1RVEIWkcNMsotpJ
 Bsusd6e/VkFv8nhpqVFmkmN5KP7hGGuLSgcOflj9jUx46RvdSGPI3ahNTaWACAPk5ywg
 AcrQ==
X-Gm-Message-State: AOAM532sbLcg1T9e2E7xfuaHdzCbBYsTdfjpMpIzFXlkrV12hEdxMXyT
 ajGTpNb9cTWcOHCunZMPzrw=
X-Google-Smtp-Source: ABdhPJxtX/uaDBQmczL7tRF41TRFRx3PINZ0iXJCdRCZnrrk3DYzMooLgxyz+l45L65EfCjIijXtjg==
X-Received: by 2002:a7b:cb09:: with SMTP id u9mr6217647wmj.49.1603882442860;
 Wed, 28 Oct 2020 03:54:02 -0700 (PDT)
Received: from localhost ([88.98.246.218])
 by smtp.gmail.com with ESMTPSA id q5sm6824432wrs.54.2020.10.28.03.54.02
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 28 Oct 2020 03:54:02 -0700 (PDT)
From: luca.boccassi@gmail.com
To: Olivier Matz <olivier.matz@6wind.com>
Cc: Fan Zhang <roy.fan.zhang@intel.com>,
	dpdk stable <stable@dpdk.org>
Date: Wed, 28 Oct 2020 10:45:09 +0000
Message-Id: <20201028104606.3504127-150-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20201028104606.3504127-1-luca.boccassi@gmail.com>
References: <20201028104606.3504127-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-stable] patch 'examples/fips_validation: fix buffer overflow'
	has been queued to stable release 19.11.6
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

Hi,

FYI, your patch has been queued to stable release 19.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/30/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From ee56b4aeff67262f14409fc587eb5bdd346f3d43 Mon Sep 17 00:00:00 2001
From: Olivier Matz <olivier.matz@6wind.com>
Date: Tue, 6 Oct 2020 09:41:41 +0200
Subject: [PATCH] examples/fips_validation: fix buffer overflow

[ upstream commit 9275af3bd9faa0337b418736bb622704d158fbac ]

If the file name is larger than MAX_STRING_SIZE (64), strcpy()
will overwrite the content of memory.

Replace strcpy() by rte_strscpy(), check its return value, and
increase file_name size to 256.

Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")

Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 examples/fips_validation/fips_validation.c | 12 ++++++++++--
 examples/fips_validation/fips_validation.h |  3 ++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 303f03495b..778c734fb2 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -275,7 +275,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
 
 	fips_test_clear();
 
-	strcpy(info.file_name, req_file_path);
+	if (rte_strscpy(info.file_name, req_file_path,
+				sizeof(info.file_name)) < 0) {
+		RTE_LOG(ERR, USER1, "Path %s too long\n", req_file_path);
+		return -EINVAL;
+	}
 	info.algo = FIPS_TEST_ALGO_MAX;
 	if (parse_file_type(req_file_path) < 0) {
 		RTE_LOG(ERR, USER1, "File %s type not supported\n",
@@ -301,7 +305,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
 		return -ENOMEM;
 	}
 
-	strlcpy(info.device_name, device_name, sizeof(info.device_name));
+	if (rte_strscpy(info.device_name, device_name,
+				sizeof(info.device_name)) < 0) {
+		RTE_LOG(ERR, USER1, "Device name %s too long\n", device_name);
+		return -EINVAL;
+	}
 
 	if (fips_test_parse_header() < 0) {
 		RTE_LOG(ERR, USER1, "Failed parsing header\n");
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index d517365291..fb0194d57b 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -14,6 +14,7 @@
 #define MAX_NB_TESTS		10240
 #define MAX_BUF_SIZE		2048
 #define MAX_STRING_SIZE		64
+#define MAX_FILE_NAME_SIZE	256
 #define MAX_DIGEST_SIZE		64
 
 #define POSITIVE_TEST		0
@@ -163,7 +164,7 @@ struct fips_test_interim_info {
 	uint32_t vec_start_off;
 	uint32_t nb_vec_lines;
 	char device_name[MAX_STRING_SIZE];
-	char file_name[MAX_STRING_SIZE];
+	char file_name[MAX_FILE_NAME_SIZE];
 
 	union {
 		struct aesavs_interim_data aes_data;
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-10-28 10:35:16.396894405 +0000
+++ 0150-examples-fips_validation-fix-buffer-overflow.patch	2020-10-28 10:35:11.740833497 +0000
@@ -1,8 +1,10 @@
-From 9275af3bd9faa0337b418736bb622704d158fbac Mon Sep 17 00:00:00 2001
+From ee56b4aeff67262f14409fc587eb5bdd346f3d43 Mon Sep 17 00:00:00 2001
 From: Olivier Matz <olivier.matz@6wind.com>
 Date: Tue, 6 Oct 2020 09:41:41 +0200
 Subject: [PATCH] examples/fips_validation: fix buffer overflow
 
+[ upstream commit 9275af3bd9faa0337b418736bb622704d158fbac ]
+
 If the file name is larger than MAX_STRING_SIZE (64), strcpy()
 will overwrite the content of memory.
 
@@ -10,7 +12,6 @@
 increase file_name size to 256.
 
 Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")
-Cc: stable@dpdk.org
 
 Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
 Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
@@ -20,10 +21,10 @@
  2 files changed, 12 insertions(+), 3 deletions(-)
 
 diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
-index 9bdf257b8b..13f763c9aa 100644
+index 303f03495b..778c734fb2 100644
 --- a/examples/fips_validation/fips_validation.c
 +++ b/examples/fips_validation/fips_validation.c
-@@ -281,7 +281,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
+@@ -275,7 +275,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
  
  	fips_test_clear();
  
@@ -36,7 +37,7 @@
  	info.algo = FIPS_TEST_ALGO_MAX;
  	if (parse_file_type(req_file_path) < 0) {
  		RTE_LOG(ERR, USER1, "File %s type not supported\n",
-@@ -307,7 +311,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
+@@ -301,7 +305,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
  		return -ENOMEM;
  	}
  
@@ -50,7 +51,7 @@
  	if (fips_test_parse_header() < 0) {
  		RTE_LOG(ERR, USER1, "Failed parsing header\n");
 diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
-index 75fa555fa6..deba83eada 100644
+index d517365291..fb0194d57b 100644
 --- a/examples/fips_validation/fips_validation.h
 +++ b/examples/fips_validation/fips_validation.h
 @@ -14,6 +14,7 @@
@@ -61,7 +62,7 @@
  #define MAX_DIGEST_SIZE		64
  
  #define POSITIVE_TEST		0
-@@ -164,7 +165,7 @@ struct fips_test_interim_info {
+@@ -163,7 +164,7 @@ struct fips_test_interim_info {
  	uint32_t vec_start_off;
  	uint32_t nb_vec_lines;
  	char device_name[MAX_STRING_SIZE];