diff mbox series

net/softnic: fix null pointer dereference

Message ID	20210727081459.1145664-1-dapengx.yu@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	Ferruh Yigit
Headers	From: dapengx.yu@intel.com To: Jasvinder Singh <jasvinder.singh@intel.com>, Cristian Dumitrescu <cristian.dumitrescu@intel.com> Cc: dev@dpdk.org, Dapeng Yu <dapengx.yu@intel.com>, stable@dpdk.org Date: Tue, 27 Jul 2021 16:14:59 +0800 Message-Id: <20210727081459.1145664-1-dapengx.yu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH] net/softnic: fix null pointer dereference Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	net/softnic: fix null pointer dereference \| net/softnic: fix null pointer dereference

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/github-robot	success	github build: passed
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-testing	success	Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS

Commit Message

Yu, DapengX July 27, 2021, 8:14 a.m. UTC

  From: Dapeng Yu <dapengx.yu@intel.com>

When there is no "firmware" in arguments, the "firmware" pointer is
null, and will be dereferenced by rte_strscpy().

This patch moves the code block which copies character string from
"firmware" to "p->firmware" into the "if" statements where "firmware"
argument exists and it is duplicated successfully.

Coverity issue: 372136
Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
Cc: stable@dpdk.org

Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
---
 drivers/net/softnic/rte_eth_softnic.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

Comments

Jasvinder Singh July 27, 2021, 9:16 a.m. UTC | #1

> -----Original Message-----
> From: Yu, DapengX <dapengx.yu@intel.com>
> Sent: Tuesday, July 27, 2021 9:15 AM
> To: Singh, Jasvinder <jasvinder.singh@intel.com>; Dumitrescu, Cristian
> <cristian.dumitrescu@intel.com>
> Cc: dev@dpdk.org; Yu, DapengX <dapengx.yu@intel.com>; stable@dpdk.org
> Subject: [PATCH] net/softnic: fix null pointer dereference
> 
> From: Dapeng Yu <dapengx.yu@intel.com>
> 
> When there is no "firmware" in arguments, the "firmware" pointer is null,
> and will be dereferenced by rte_strscpy().
> 
> This patch moves the code block which copies character string from
> "firmware" to "p->firmware" into the "if" statements where "firmware"
> argument exists and it is duplicated successfully.
> 
> Coverity issue: 372136
> Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
> ---

Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>

Thomas Monjalon July 30, 2021, 11:33 a.m. UTC | #2

> > From: Dapeng Yu <dapengx.yu@intel.com>
> > 
> > When there is no "firmware" in arguments, the "firmware" pointer is null,
> > and will be dereferenced by rte_strscpy().
> > 
> > This patch moves the code block which copies character string from
> > "firmware" to "p->firmware" into the "if" statements where "firmware"
> > argument exists and it is duplicated successfully.
> > 
> > Coverity issue: 372136
> > Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
> 
> Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>

Applied, thanks.

diff mbox series

Patch

diff --git a/drivers/net/softnic/rte_eth_softnic.c b/drivers/net/softnic/rte_eth_softnic.c
index 0aa7147b13..b3b55b9035 100644
--- a/drivers/net/softnic/rte_eth_softnic.c
+++ b/drivers/net/softnic/rte_eth_softnic.c
@@ -479,17 +479,19 @@  pmd_parse_args(struct pmd_params *p, const char *params)
 			&get_string, &firmware);
 		if (ret < 0)
 			goto out_free;
-	}
-	if (rte_strscpy(p->firmware, firmware,
-			sizeof(p->firmware)) < 0) {
-		PMD_LOG(WARNING,
-			"\"%s\": firmware path should be shorter than %zu",
-			firmware, sizeof(p->firmware));
+
+		if (rte_strscpy(p->firmware, firmware,
+				sizeof(p->firmware)) < 0) {
+			PMD_LOG(WARNING,
+				"\"%s\": "
+				"firmware path should be shorter than %zu",
+				firmware, sizeof(p->firmware));
+			free(firmware);
+			ret = -EINVAL;
+			goto out_free;
+		}
 		free(firmware);
-		ret = -EINVAL;
-		goto out_free;
 	}
-	free(firmware);
 	/* Connection listening port (optional) */
 	if (rte_kvargs_count(kvlist, PMD_PARAM_CONN_PORT) == 1) {
 		ret = rte_kvargs_process(kvlist, PMD_PARAM_CONN_PORT,