diff mbox series

bonding: fix overflow check

Message ID 1619083366-63417-1-git-send-email-humin29@huawei.com (mailing list archive)
State Superseded
Delegated to: Ferruh Yigit
Headers show
Series bonding: fix overflow check | expand

Checks

Context Check Description
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-testing success Testing PASS
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/github-robot success github build: passed
ci/checkpatch warning coding style issues

Commit Message

Min Hu (Connor) April 22, 2021, 9:22 a.m. UTC
Buffer 'test_params->slave_port_ids' of size 6 accessed may
overflow, since its index 'i' can have value be is out of range.

This patch fixed it.

Fixes: 92073ef961ee ("bond: unit tests")
Cc: stable@dpdk.org

Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
---
 app/test/test_link_bonding.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Ferruh Yigit April 26, 2021, 3:08 p.m. UTC | #1
On 4/22/2021 10:22 AM, Min Hu (Connor) wrote:
> Buffer 'test_params->slave_port_ids' of size 6 accessed may
> overflow, since its index 'i' can have value be is out of range.
> 
> This patch fixed it.
> 
> Fixes: 92073ef961ee ("bond: unit tests")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
> ---
>  app/test/test_link_bonding.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c
> index 8a5c831..b5a6042 100644
> --- a/app/test/test_link_bonding.c
> +++ b/app/test/test_link_bonding.c
> @@ -2216,7 +2216,8 @@ test_activebackup_rx_burst(void)
>  			"failed to get primary slave for bonded port (%d)",
>  			test_params->bonded_port_id);
>  
> -	for (i = 0; i < test_params->bonded_slave_count; i++) {
> +	for (i = 0; i < test_params->bonded_slave_count &&
> +		i < TEST_MAX_NUMBER_OF_PORTS; i++) {
>  		/* Generate test bursts of packets to transmit */
>  		TEST_ASSERT_EQUAL(generate_test_burst(
>  				&gen_pkt_burst[0], burst_size, 0, 1, 0, 0, 0),
> 

Hi Connor,

There is nothing wrong with the check you add, but at first place how
'test_params->bonded_slave_count' can become bigger than
'TEST_MAX_NUMBER_OF_PORTS'? Should we fix there, instead of this loop?

Also in same function, there are a few more loops iterate until " <
test_params->bonded_slave_count", so fixing the root case works for them too.
Min Hu (Connor) April 27, 2021, 1:41 a.m. UTC | #2
在 2021/4/26 23:08, Ferruh Yigit 写道:
> On 4/22/2021 10:22 AM, Min Hu (Connor) wrote:
>> Buffer 'test_params->slave_port_ids' of size 6 accessed may
>> overflow, since its index 'i' can have value be is out of range.
>>
>> This patch fixed it.
>>
>> Fixes: 92073ef961ee ("bond: unit tests")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Min Hu (Connor) <humin29@huawei.com>
>> ---
>>   app/test/test_link_bonding.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c
>> index 8a5c831..b5a6042 100644
>> --- a/app/test/test_link_bonding.c
>> +++ b/app/test/test_link_bonding.c
>> @@ -2216,7 +2216,8 @@ test_activebackup_rx_burst(void)
>>   			"failed to get primary slave for bonded port (%d)",
>>   			test_params->bonded_port_id);
>>   
>> -	for (i = 0; i < test_params->bonded_slave_count; i++) {
>> +	for (i = 0; i < test_params->bonded_slave_count &&
>> +		i < TEST_MAX_NUMBER_OF_PORTS; i++) {
>>   		/* Generate test bursts of packets to transmit */
>>   		TEST_ASSERT_EQUAL(generate_test_burst(
>>   				&gen_pkt_burst[0], burst_size, 0, 1, 0, 0, 0),
>>
> 
> Hi Connor,
> 
> There is nothing wrong with the check you add, but at first place how
> 'test_params->bonded_slave_count' can become bigger than
> 'TEST_MAX_NUMBER_OF_PORTS'? Should we fix there, instead of this loop?
> 
> Also in same function, there are a few more loops iterate until " <
> test_params->bonded_slave_count", so fixing the root case works for them too.
> 
Hi, fixed in v2, thanks.
>
diff mbox series

Patch

diff --git a/app/test/test_link_bonding.c b/app/test/test_link_bonding.c
index 8a5c831..b5a6042 100644
--- a/app/test/test_link_bonding.c
+++ b/app/test/test_link_bonding.c
@@ -2216,7 +2216,8 @@  test_activebackup_rx_burst(void)
 			"failed to get primary slave for bonded port (%d)",
 			test_params->bonded_port_id);
 
-	for (i = 0; i < test_params->bonded_slave_count; i++) {
+	for (i = 0; i < test_params->bonded_slave_count &&
+		i < TEST_MAX_NUMBER_OF_PORTS; i++) {
 		/* Generate test bursts of packets to transmit */
 		TEST_ASSERT_EQUAL(generate_test_burst(
 				&gen_pkt_burst[0], burst_size, 0, 1, 0, 0, 0),