[v3] net/ring: fix unchecked return value
Checks
Commit Message
Add a check for the return value of the sscanf call in
parse_internal_args(), returning an error if we don't get the expected
result.
Coverity issue: 362049
Fixes: 96cb19521147 ("net/ring: use EAL APIs in PMD specific API")
Cc: stable@dpdk.org
Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
---
v2: added consumed characters count check
v3: add more improved checks
---
drivers/net/ring/rte_eth_ring.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
Comments
On 10/13/2020 2:07 PM, Kevin Laatz wrote:
> Add a check for the return value of the sscanf call in
> parse_internal_args(), returning an error if we don't get the expected
> result.
>
> Coverity issue: 362049
> Fixes: 96cb19521147 ("net/ring: use EAL APIs in PMD specific API")
> Cc: stable@dpdk.org
>
> Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
<...>
> +#define ETH_RING_INTERNAL_ARG_MAX_LEN 19
Added following comment while merging: /* "0x..16chars..\0" */
<...>
> - sscanf(value, "%p", &args);
> + /* make sure 'value' is valid pointer length */
> + if (strnlen(value, ETH_RING_INTERNAL_ARG_MAX_LEN) >=
> + ETH_RING_INTERNAL_ARG_MAX_LEN) {
> + PMD_LOG(ERR, "Error parsing internal args, 'value' too long");
'value' is variable name and may not fit to the debug log.
Replaced with "..., argument is too long" while merging.
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Applied to dpdk-next-net/main, thanks.
@@ -16,6 +16,7 @@
#define ETH_RING_ACTION_CREATE "CREATE"
#define ETH_RING_ACTION_ATTACH "ATTACH"
#define ETH_RING_INTERNAL_ARG "internal"
+#define ETH_RING_INTERNAL_ARG_MAX_LEN 19
static const char *valid_arguments[] = {
ETH_RING_NUMA_NODE_ACTION_ARG,
@@ -538,8 +539,21 @@ parse_internal_args(const char *key __rte_unused, const char *value,
{
struct ring_internal_args **internal_args = data;
void *args;
+ int ret, n;
- sscanf(value, "%p", &args);
+ /* make sure 'value' is valid pointer length */
+ if (strnlen(value, ETH_RING_INTERNAL_ARG_MAX_LEN) >=
+ ETH_RING_INTERNAL_ARG_MAX_LEN) {
+ PMD_LOG(ERR, "Error parsing internal args, 'value' too long");
+ return -1;
+ }
+
+ ret = sscanf(value, "%p%n", &args, &n);
+ if (ret == 0 || (size_t)n != strlen(value)) {
+ PMD_LOG(ERR, "Error parsing internal args");
+
+ return -1;
+ }
*internal_args = args;