From patchwork Tue Jul 27 08:14:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yu, DapengX" X-Patchwork-Id: 96319 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7768AA0C47; Tue, 27 Jul 2021 10:15:23 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B4371410F7; Tue, 27 Jul 2021 10:15:22 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mails.dpdk.org (Postfix) with ESMTP id 32ED3410EC; Tue, 27 Jul 2021 10:15:20 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10057"; a="191990404" X-IronPort-AV: E=Sophos;i="5.84,272,1620716400"; d="scan'208";a="191990404" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jul 2021 01:15:15 -0700 X-IronPort-AV: E=Sophos;i="5.84,272,1620716400"; d="scan'208";a="505398586" Received: from unknown (HELO localhost.localdomain) ([10.240.183.93]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jul 2021 01:15:13 -0700 From: dapengx.yu@intel.com To: Jasvinder Singh , Cristian Dumitrescu Cc: dev@dpdk.org, Dapeng Yu , stable@dpdk.org Date: Tue, 27 Jul 2021 16:14:59 +0800 Message-Id: <20210727081459.1145664-1-dapengx.yu@intel.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH] net/softnic: fix null pointer dereference X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Dapeng Yu When there is no "firmware" in arguments, the "firmware" pointer is null, and will be dereferenced by rte_strscpy(). This patch moves the code block which copies character string from "firmware" to "p->firmware" into the "if" statements where "firmware" argument exists and it is duplicated successfully. Coverity issue: 372136 Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing") Cc: stable@dpdk.org Signed-off-by: Dapeng Yu Acked-by: Jasvinder Singh --- drivers/net/softnic/rte_eth_softnic.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/net/softnic/rte_eth_softnic.c b/drivers/net/softnic/rte_eth_softnic.c index 0aa7147b13..b3b55b9035 100644 --- a/drivers/net/softnic/rte_eth_softnic.c +++ b/drivers/net/softnic/rte_eth_softnic.c @@ -479,17 +479,19 @@ pmd_parse_args(struct pmd_params *p, const char *params) &get_string, &firmware); if (ret < 0) goto out_free; - } - if (rte_strscpy(p->firmware, firmware, - sizeof(p->firmware)) < 0) { - PMD_LOG(WARNING, - "\"%s\": firmware path should be shorter than %zu", - firmware, sizeof(p->firmware)); + + if (rte_strscpy(p->firmware, firmware, + sizeof(p->firmware)) < 0) { + PMD_LOG(WARNING, + "\"%s\": " + "firmware path should be shorter than %zu", + firmware, sizeof(p->firmware)); + free(firmware); + ret = -EINVAL; + goto out_free; + } free(firmware); - ret = -EINVAL; - goto out_free; } - free(firmware); /* Connection listening port (optional) */ if (rte_kvargs_count(kvlist, PMD_PARAM_CONN_PORT) == 1) { ret = rte_kvargs_process(kvlist, PMD_PARAM_CONN_PORT,