[dpdk-dev] net/virtio: fix of untrusted scalar value
Checks
Commit Message
The unscrutinized value may be incorrectly assumed to be within a certain
range by later operations.
In vhost_user_read: An unscrutinized value from an untrusted source used
in a trusted context - the value of sz_payload may be harmfull and we need
limit them to the max value of payload.
Fixes: 6a84c37e3975 ("net/virtio-user: add vhost-user adapter layer")
Cc: jianfeng.tan@intel.com
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
---
drivers/net/virtio/virtio_user/vhost_user.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
This patch is for Coverity issue: 139601
Does it need v2 for updating Message Body ?
Hi,
> -----Original Message-----
> From: Mrzyglod, DanielX T
> Sent: Wednesday, September 20, 2017 5:19 PM
> To: yliu@fridaylinux.org
> Cc: dev@dpdk.org; Mrzyglod, DanielX T; Tan, Jianfeng
> Subject: [PATCH] net/virtio: fix of untrusted scalar value
>
> The unscrutinized value may be incorrectly assumed to be within a certain
> range by later operations.
>
> In vhost_user_read: An unscrutinized value from an untrusted source used
> in a trusted context - the value of sz_payload may be harmfull and we need
> limit them to the max value of payload.
Please add below line.
Coverity issue: 139601
>
> Fixes: 6a84c37e3975 ("net/virtio-user: add vhost-user adapter layer")
> Cc: jianfeng.tan@intel.com
>
> Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Jianfeng Tan <jianfeng.tan@intel.com>
Thanks,
Jianfeng
@@ -130,6 +130,10 @@ vhost_user_read(int fd, struct vhost_user_msg *msg)
}
sz_payload = msg->size;
+
+ if (sz_payload > sizeof(msg->payload))
+ goto fail;
+
if (sz_payload) {
ret = recv(fd, (void *)((char *)msg + sz_hdr), sz_payload, 0);
if (ret < sz_payload) {