Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/1229/?format=api
https://patches.dpdk.org/api/patches/1229/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/1415611146-32368-1-git-send-email-alan.carew@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1415611146-32368-1-git-send-email-alan.carew@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1415611146-32368-1-git-send-email-alan.carew@intel.com", "date": "2014-11-10T09:19:06", "name": "[dpdk-dev,v2] librte_cmdline: FreeBSD Fix oveflow when size of command result structure is greater than BUFSIZ", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "32f9da5c03f222e6f108a659de83d074378c24da", "submitter": { "id": 72, "url": "https://patches.dpdk.org/api/people/72/?format=api", "name": "Alan Carew", "email": "alan.carew@intel.com" }, "delegate": null, "mbox": "https://patches.dpdk.org/project/dpdk/patch/1415611146-32368-1-git-send-email-alan.carew@intel.com/mbox/", "series": [], "comments": "https://patches.dpdk.org/api/patches/1229/comments/", "check": "pending", "checks": "https://patches.dpdk.org/api/patches/1229/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [IPv6:::1])\n\tby dpdk.org (Postfix) with ESMTP id D2F097F30;\n\tMon, 10 Nov 2014 10:09:47 +0100 (CET)", "from mga03.intel.com (mga03.intel.com [134.134.136.65])\n\tby dpdk.org (Postfix) with ESMTP id 710297F2D\n\tfor <dev@dpdk.org>; Mon, 10 Nov 2014 10:09:44 +0100 (CET)", "from orsmga002.jf.intel.com ([10.7.209.21])\n\tby orsmga103.jf.intel.com with ESMTP; 10 Nov 2014 01:17:11 -0800", "from sie-lab-212-143.ir.intel.com (HELO\n\tsilpixa00385294.ir.intel.com) ([10.237.212.143])\n\tby orsmga002.jf.intel.com with ESMTP; 10 Nov 2014 01:19:26 -0800" ], "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.07,351,1413270000\"; d=\"scan'208\";a=\"634344076\"", "From": "Alan Carew <alan.carew@intel.com>", "To": "dev@dpdk.org", "Date": "Mon, 10 Nov 2014 09:19:06 +0000", "Message-Id": "<1415611146-32368-1-git-send-email-alan.carew@intel.com>", "X-Mailer": "git-send-email 1.9.3", "In-Reply-To": "<1412003903-9061-1-git-send-email-alan.carew@intel.com>", "References": "<1412003903-9061-1-git-send-email-alan.carew@intel.com>", "Subject": "[dpdk-dev] [PATCH v2] librte_cmdline: FreeBSD Fix oveflow when size\n\tof command result structure is greater than BUFSIZ", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "patches and discussions about DPDK <dev.dpdk.org>", "List-Unsubscribe": "<http://dpdk.org/ml/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://dpdk.org/ml/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<http://dpdk.org/ml/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "When using test-pmd with flow director in FreeBSD, the application will\nsegfault/Bus error while parsing the command-line. This is due to how\neach commands result structure is represented during parsing, where the offsets\nfor each tokens value is stored in a character array(char result_buf[BUFSIZ])\nin cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c).\n\nThe overflow occurs where BUFSIZ is less than the size of a commands result\nstructure, in this case \"struct cmd_pkt_filter_result\"\n(app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as\nopposed to 8192 bytes on Linux.\n\nThe problem can be reproduced by running test-pmd on FreeBSD:\n./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect\nAnd adding a filter:\nadd_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes\n0x800 vlan 0 queue 0 soft 0x17\n\nThis patch removes the OS dependency on BUFSIZ and defines and uses a\nlibrary #define CMDLINE_PARSE_RESULT_BUFSIZE 8192\n\nAdded boundary checking to ensure this buffer size cannot overflow, with\nan error message being produced.\n\nSuggested-by: Olivier MATZ <olivier.matz@6wind.com>\nhttp://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f\n\nSigned-off-by: Alan Carew <alan.carew@intel.com>\n---\n lib/librte_cmdline/cmdline_parse.c | 22 +++++++++++++++-------\n lib/librte_cmdline/cmdline_parse.h | 3 +++\n 2 files changed, 18 insertions(+), 7 deletions(-)", "diff": "diff --git a/lib/librte_cmdline/cmdline_parse.c b/lib/librte_cmdline/cmdline_parse.c\nindex 940480d..f86f163 100644\n--- a/lib/librte_cmdline/cmdline_parse.c\n+++ b/lib/librte_cmdline/cmdline_parse.c\n@@ -138,7 +138,7 @@ nb_common_chars(const char * s1, const char * s2)\n */\n static int\n match_inst(cmdline_parse_inst_t *inst, const char *buf,\n-\t unsigned int nb_match_token, void * result_buf)\n+\t unsigned int nb_match_token, void *result_buf, unsigned result_buf_size)\n {\n \tunsigned int token_num=0;\n \tcmdline_parse_token_hdr_t * token_p;\n@@ -162,10 +162,18 @@ match_inst(cmdline_parse_inst_t *inst, const char *buf,\n \t\tif ( isendofline(*buf) || iscomment(*buf) )\n \t\t\tbreak;\n \n-\t\tif (result_buf)\n+\t\tif (result_buf) {\n+\t\t\tif (token_hdr.offset > result_buf_size) {\n+\t\t\t\tprintf(\"Parse error(%s:%d): Token offset(%u) exceeds maximum \"\n+\t\t\t\t\"size(%u)\\n\", __FILE__, __LINE__, token_hdr.offset,\n+\t\t\t\tresult_buf_size);\n+\t\t\t\treturn -ENOBUFS;\n+\t\t\t}\n+\n \t\t\tn = token_hdr.ops->parse(token_p, buf,\n \t\t\t\t\t\t (char *)result_buf +\n \t\t\t\t\t\t token_hdr.offset);\n+\t\t}\n \t\telse\n \t\t\tn = token_hdr.ops->parse(token_p, buf, NULL);\n \n@@ -219,7 +227,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)\n \tunsigned int inst_num=0;\n \tcmdline_parse_inst_t *inst;\n \tconst char *curbuf;\n-\tchar result_buf[BUFSIZ];\n+\tchar result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];\n \tvoid (*f)(void *, struct cmdline *, void *) = NULL;\n \tvoid *data = NULL;\n \tint comment = 0;\n@@ -280,7 +288,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)\n \t\tdebug_printf(\"INST %d\\n\", inst_num);\n \n \t\t/* fully parsed */\n-\t\ttok = match_inst(inst, buf, 0, result_buf);\n+\t\ttok = match_inst(inst, buf, 0, result_buf, sizeof(result_buf));\n \n \t\tif (tok > 0) /* we matched at least one token */\n \t\t\terr = CMDLINE_PARSE_BAD_ARGS;\n@@ -377,10 +385,10 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,\n \t\tinst = ctx[inst_num];\n \t\twhile (inst) {\n \t\t\t/* parse the first tokens of the inst */\n-\t\t\tif (nb_token && match_inst(inst, buf, nb_token, NULL))\n+\t\t\tif (nb_token && match_inst(inst, buf, nb_token, NULL, 0))\n \t\t\t\tgoto next;\n \n-\t\t\tdebug_printf(\"instruction match \\n\");\n+\t\t\tdebug_printf(\"instruction match\\n\");\n \t\t\ttoken_p = inst->tokens[nb_token];\n \t\t\tif (token_p)\n \t\t\t\tmemcpy(&token_hdr, token_p, sizeof(token_hdr));\n@@ -471,7 +479,7 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,\n \t\t/* we need to redo it */\n \t\tinst = ctx[inst_num];\n \n-\t\tif (nb_token && match_inst(inst, buf, nb_token, NULL))\n+\t\tif (nb_token && match_inst(inst, buf, nb_token, NULL, 0))\n \t\t\tgoto next2;\n \n \t\ttoken_p = inst->tokens[nb_token];\ndiff --git a/lib/librte_cmdline/cmdline_parse.h b/lib/librte_cmdline/cmdline_parse.h\nindex f18836d..dae53ba 100644\n--- a/lib/librte_cmdline/cmdline_parse.h\n+++ b/lib/librte_cmdline/cmdline_parse.h\n@@ -80,6 +80,9 @@ extern \"C\" {\n #define CMDLINE_PARSE_COMPLETE_AGAIN 1\n #define CMDLINE_PARSE_COMPLETED_BUFFER 2\n \n+/* maximum buffer size for parsed result */\n+#define CMDLINE_PARSE_RESULT_BUFSIZE 8192\n+\n /**\n * Stores a pointer to the ops struct, and the offset: the place to\n * write the parsed result in the destination structure.\n", "prefixes": [ "dpdk-dev", "v2" ] }{ "id": 1229, "url": "