[dpdk-dev,v3] librte_cmdline: FreeBSD Fix oveflow when size of command result structure is greater than BUFSIZ
Commit Message
From: Alan Carew <alan.carew@intel.com>
When using test-pmd with flow director in FreeBSD, the application will
segfault/Bus error while parsing the command-line. This is due to how
each commands result structure is represented during parsing, where the offsets
for each tokens value is stored in a character array(char result_buf[BUFSIZ])
in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c).
The overflow occurs where BUFSIZ is less than the size of a commands result
structure, in this case "struct cmd_pkt_filter_result"
(app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as
opposed to 8192 bytes on Linux.
The problem can be reproduced by running test-pmd on FreeBSD:
./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect
And adding a filter:
add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes
0x800 vlan 0 queue 0 soft 0x17
This patch removes the OS dependency on BUFSIZ and defines and uses a
library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192
Added boundary checking to ensure this buffer size cannot overflow, with
an error message being produced.
Suggested-by: Olivier MATZ <olivier.matz@6wind.com>
http://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f
Signed-off-by: Alan Carew <alan.carew@intel.com>
Signed-off-by: Olivier MATZ <olivier.matz@6wind.com>
---
app/test-pmd/parameters.c | 6 +++--
app/test/test_cmdline_etheraddr.c | 13 +++++-----
app/test/test_cmdline_ipaddr.c | 27 ++++++++++++--------
app/test/test_cmdline_num.c | 31 +++++++++++++----------
app/test/test_cmdline_portlist.c | 13 +++++-----
app/test/test_cmdline_string.c | 13 ++++++----
examples/cmdline/parse_obj_list.c | 6 ++++-
examples/cmdline/parse_obj_list.h | 3 ++-
examples/vhost_xen/xenstore_parse.c | 5 ++--
lib/librte_cmdline/cmdline_parse.c | 35 ++++++++++++++++---------
lib/librte_cmdline/cmdline_parse.h | 11 +++++---
lib/librte_cmdline/cmdline_parse_etheraddr.c | 5 +++-
lib/librte_cmdline/cmdline_parse_etheraddr.h | 4 +--
lib/librte_cmdline/cmdline_parse_ipaddr.c | 6 ++++-
lib/librte_cmdline/cmdline_parse_ipaddr.h | 4 +--
lib/librte_cmdline/cmdline_parse_num.c | 38 +++++++++++++++++++++++++++-
lib/librte_cmdline/cmdline_parse_num.h | 4 +--
lib/librte_cmdline/cmdline_parse_portlist.c | 5 +++-
lib/librte_cmdline/cmdline_parse_portlist.h | 4 +--
lib/librte_cmdline/cmdline_parse_string.c | 6 ++++-
lib/librte_cmdline/cmdline_parse_string.h | 2 +-
lib/librte_pmd_bond/rte_eth_bond_args.c | 3 ++-
22 files changed, 168 insertions(+), 76 deletions(-)
Comments
On Fri, Dec 05, 2014 at 03:19:07PM +0100, Olivier Matz wrote:
> From: Alan Carew <alan.carew@intel.com>
>
> When using test-pmd with flow director in FreeBSD, the application will
> segfault/Bus error while parsing the command-line. This is due to how
> each commands result structure is represented during parsing, where the offsets
> for each tokens value is stored in a character array(char result_buf[BUFSIZ])
> in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c).
>
> The overflow occurs where BUFSIZ is less than the size of a commands result
> structure, in this case "struct cmd_pkt_filter_result"
> (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as
> opposed to 8192 bytes on Linux.
>
> The problem can be reproduced by running test-pmd on FreeBSD:
> ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect
> And adding a filter:
> add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes
> 0x800 vlan 0 queue 0 soft 0x17
>
> This patch removes the OS dependency on BUFSIZ and defines and uses a
> library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192
>
> Added boundary checking to ensure this buffer size cannot overflow, with
> an error message being produced.
>
> Suggested-by: Olivier MATZ <olivier.matz@6wind.com>
> http://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f
>
> Signed-off-by: Alan Carew <alan.carew@intel.com>
> Signed-off-by: Olivier MATZ <olivier.matz@6wind.com>
Tested on FreeBSD 10 and this patch fixes the issue described.
Tested-by: Bruce Richardson <bruce.richardson@intel.com>
> ---
> app/test-pmd/parameters.c | 6 +++--
> app/test/test_cmdline_etheraddr.c | 13 +++++-----
> app/test/test_cmdline_ipaddr.c | 27 ++++++++++++--------
> app/test/test_cmdline_num.c | 31 +++++++++++++----------
> app/test/test_cmdline_portlist.c | 13 +++++-----
> app/test/test_cmdline_string.c | 13 ++++++----
> examples/cmdline/parse_obj_list.c | 6 ++++-
> examples/cmdline/parse_obj_list.h | 3 ++-
> examples/vhost_xen/xenstore_parse.c | 5 ++--
> lib/librte_cmdline/cmdline_parse.c | 35 ++++++++++++++++---------
> lib/librte_cmdline/cmdline_parse.h | 11 +++++---
> lib/librte_cmdline/cmdline_parse_etheraddr.c | 5 +++-
> lib/librte_cmdline/cmdline_parse_etheraddr.h | 4 +--
> lib/librte_cmdline/cmdline_parse_ipaddr.c | 6 ++++-
> lib/librte_cmdline/cmdline_parse_ipaddr.h | 4 +--
> lib/librte_cmdline/cmdline_parse_num.c | 38 +++++++++++++++++++++++++++-
> lib/librte_cmdline/cmdline_parse_num.h | 4 +--
> lib/librte_cmdline/cmdline_parse_portlist.c | 5 +++-
> lib/librte_cmdline/cmdline_parse_portlist.h | 4 +--
> lib/librte_cmdline/cmdline_parse_string.c | 6 ++++-
> lib/librte_cmdline/cmdline_parse_string.h | 2 +-
> lib/librte_pmd_bond/rte_eth_bond_args.c | 3 ++-
> 22 files changed, 168 insertions(+), 76 deletions(-)
>
> diff --git a/app/test-pmd/parameters.c b/app/test-pmd/parameters.c
> index 9573a43..8558985 100644
> --- a/app/test-pmd/parameters.c
> +++ b/app/test-pmd/parameters.c
> @@ -223,7 +223,8 @@ init_peer_eth_addrs(char *config_filename)
> if (fgets(buf, sizeof(buf), config_file) == NULL)
> break;
>
> - if (cmdline_parse_etheraddr(NULL, buf, &peer_eth_addrs[i]) < 0 ){
> + if (cmdline_parse_etheraddr(NULL, buf, &peer_eth_addrs[i],
> + sizeof(peer_eth_addrs[i])) < 0 ){
> printf("Bad MAC address format on line %d\n", i+1);
> fclose(config_file);
> return -1;
> @@ -658,7 +659,8 @@ launch_args_parse(int argc, char** argv)
> "eth-peer: port %d >= RTE_MAX_ETHPORTS(%d)\n",
> n, RTE_MAX_ETHPORTS);
>
> - if (cmdline_parse_etheraddr(NULL, port_end, &peer_addr) < 0 )
> + if (cmdline_parse_etheraddr(NULL, port_end,
> + &peer_addr, sizeof(peer_addr)) < 0 )
> rte_exit(EXIT_FAILURE,
> "Invalid ethernet address: %s\n",
> port_end);
> diff --git a/app/test/test_cmdline_etheraddr.c b/app/test/test_cmdline_etheraddr.c
> index 45c61ff..e4f4231 100644
> --- a/app/test/test_cmdline_etheraddr.c
> +++ b/app/test/test_cmdline_etheraddr.c
> @@ -130,14 +130,15 @@ test_parse_etheraddr_invalid_param(void)
> int ret = 0;
>
> /* try all null */
> - ret = cmdline_parse_etheraddr(NULL, NULL, NULL);
> + ret = cmdline_parse_etheraddr(NULL, NULL, NULL, 0);
> if (ret != -1) {
> printf("Error: parser accepted null parameters!\n");
> return -1;
> }
>
> /* try null buf */
> - ret = cmdline_parse_etheraddr(NULL, NULL, (void*)&result);
> + ret = cmdline_parse_etheraddr(NULL, NULL, (void*)&result,
> + sizeof(result));
> if (ret != -1) {
> printf("Error: parser accepted null string!\n");
> return -1;
> @@ -149,7 +150,7 @@ test_parse_etheraddr_invalid_param(void)
> snprintf(buf, sizeof(buf), "%s",
> ether_addr_valid_strs[0].str);
>
> - ret = cmdline_parse_etheraddr(NULL, buf, NULL);
> + ret = cmdline_parse_etheraddr(NULL, buf, NULL, 0);
> if (ret == -1) {
> printf("Error: parser rejected null result!\n");
> return -1;
> @@ -185,7 +186,7 @@ test_parse_etheraddr_invalid_data(void)
> memset(&result, 0, sizeof(struct ether_addr));
>
> ret = cmdline_parse_etheraddr(NULL, ether_addr_invalid_strs[i],
> - (void*)&result);
> + (void*)&result, sizeof(result));
> if (ret != -1) {
> printf("Error: parsing %s succeeded!\n",
> ether_addr_invalid_strs[i]);
> @@ -210,7 +211,7 @@ test_parse_etheraddr_valid(void)
> memset(&result, 0, sizeof(struct ether_addr));
>
> ret = cmdline_parse_etheraddr(NULL, ether_addr_valid_strs[i].str,
> - (void*)&result);
> + (void*)&result, sizeof(result));
> if (ret < 0) {
> printf("Error: parsing %s failed!\n",
> ether_addr_valid_strs[i].str);
> @@ -229,7 +230,7 @@ test_parse_etheraddr_valid(void)
> memset(&result, 0, sizeof(struct ether_addr));
>
> ret = cmdline_parse_etheraddr(NULL, ether_addr_garbage_strs[i],
> - (void*)&result);
> + (void*)&result, sizeof(result));
> if (ret < 0) {
> printf("Error: parsing %s failed!\n",
> ether_addr_garbage_strs[i]);
> diff --git a/app/test/test_cmdline_ipaddr.c b/app/test/test_cmdline_ipaddr.c
> index 4ce928d..471d2ff 100644
> --- a/app/test/test_cmdline_ipaddr.c
> +++ b/app/test/test_cmdline_ipaddr.c
> @@ -425,7 +425,8 @@ test_parse_ipaddr_valid(void)
> buf, sizeof(buf));
>
> ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - ipaddr_valid_strs[i].str, (void*)&result);
> + ipaddr_valid_strs[i].str, (void*)&result,
> + sizeof(result));
>
> /* if should have passed, or should have failed */
> if ((ret < 0) ==
> @@ -474,7 +475,8 @@ test_parse_ipaddr_valid(void)
> buf, sizeof(buf));
>
> ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - ipaddr_garbage_addr4_strs[i], (void*)&result);
> + ipaddr_garbage_addr4_strs[i], (void*)&result,
> + sizeof(result));
>
> /* if should have passed, or should have failed */
> if ((ret < 0) ==
> @@ -515,7 +517,8 @@ test_parse_ipaddr_valid(void)
> buf, sizeof(buf));
>
> ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - ipaddr_garbage_addr6_strs[i], (void*)&result);
> + ipaddr_garbage_addr6_strs[i], (void*)&result,
> + sizeof(result));
>
> /* if should have passed, or should have failed */
> if ((ret < 0) ==
> @@ -557,7 +560,8 @@ test_parse_ipaddr_valid(void)
> buf, sizeof(buf));
>
> ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - ipaddr_garbage_network4_strs[i], (void*)&result);
> + ipaddr_garbage_network4_strs[i], (void*)&result,
> + sizeof(result));
>
> /* if should have passed, or should have failed */
> if ((ret < 0) ==
> @@ -598,7 +602,8 @@ test_parse_ipaddr_valid(void)
> buf, sizeof(buf));
>
> ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - ipaddr_garbage_network6_strs[i], (void*)&result);
> + ipaddr_garbage_network6_strs[i], (void*)&result,
> + sizeof(result));
>
> /* if should have passed, or should have failed */
> if ((ret < 0) ==
> @@ -651,7 +656,8 @@ test_parse_ipaddr_invalid_data(void)
> buf, sizeof(buf));
>
> ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - ipaddr_invalid_strs[i], (void*)&result);
> + ipaddr_invalid_strs[i], (void*)&result,
> + sizeof(result));
>
> if (ret != -1) {
> printf("Error: parsing %s as %s succeeded!\n",
> @@ -677,25 +683,26 @@ test_parse_ipaddr_invalid_param(void)
> token.ipaddr_data.flags = CMDLINE_IPADDR_V4;
>
> /* null token */
> - if (cmdline_parse_ipaddr(NULL, buf, (void*)&result) != -1) {
> + if (cmdline_parse_ipaddr(NULL, buf, (void*)&result,
> + sizeof(result)) != -1) {
> printf("Error: parser accepted invalid parameters!\n");
> return -1;
> }
> /* null buffer */
> if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - NULL, (void*)&result) != -1) {
> + NULL, (void*)&result, sizeof(result)) != -1) {
> printf("Error: parser accepted invalid parameters!\n");
> return -1;
> }
> /* empty buffer */
> if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - "", (void*)&result) != -1) {
> + "", (void*)&result, sizeof(result)) != -1) {
> printf("Error: parser accepted invalid parameters!\n");
> return -1;
> }
> /* null result */
> if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
> - buf, NULL) == -1) {
> + buf, NULL, 0) == -1) {
> printf("Error: parser rejected null result!\n");
> return -1;
> }
> diff --git a/app/test/test_cmdline_num.c b/app/test/test_cmdline_num.c
> index 799d68c..04263d3 100644
> --- a/app/test/test_cmdline_num.c
> +++ b/app/test/test_cmdline_num.c
> @@ -350,14 +350,14 @@ test_parse_num_invalid_param(void)
> num_valid_positive_strs[0].str);
>
> /* try all null */
> - ret = cmdline_parse_num(NULL, NULL, NULL);
> + ret = cmdline_parse_num(NULL, NULL, NULL, 0);
> if (ret != -1) {
> printf("Error: parser accepted null parameters!\n");
> return -1;
> }
>
> /* try null token */
> - ret = cmdline_parse_num(NULL, buf, (void*)&result);
> + ret = cmdline_parse_num(NULL, buf, (void*)&result, sizeof(result));
> if (ret != -1) {
> printf("Error: parser accepted null token!\n");
> return -1;
> @@ -365,14 +365,15 @@ test_parse_num_invalid_param(void)
>
> /* try null buf */
> ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, NULL,
> - (void*)&result);
> + (void*)&result, sizeof(result));
> if (ret != -1) {
> printf("Error: parser accepted null string!\n");
> return -1;
> }
>
> /* try null result */
> - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, buf, NULL);
> + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, buf,
> + NULL, 0);
> if (ret == -1) {
> printf("Error: parser rejected null result!\n");
> return -1;
> @@ -426,7 +427,7 @@ test_parse_num_invalid_data(void)
> memset(&buf, 0, sizeof(buf));
>
> ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token,
> - num_invalid_strs[i], (void*)&result);
> + num_invalid_strs[i], (void*)&result, sizeof(result));
> if (ret != -1) {
> /* get some info about what we are trying to parse */
> cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
> @@ -466,8 +467,9 @@ test_parse_num_valid(void)
> cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
> buf, sizeof(buf));
>
> - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_valid_positive_strs[i].str,
> - (void*)&result);
> + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
> + num_valid_positive_strs[i].str,
> + (void*)&result, sizeof(result));
>
> /* if it should have passed but didn't, or if it should have failed but didn't */
> if ((ret < 0) == (can_parse_unsigned(num_valid_positive_strs[i].result, type) > 0)) {
> @@ -493,8 +495,9 @@ test_parse_num_valid(void)
> cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
> buf, sizeof(buf));
>
> - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_valid_negative_strs[i].str,
> - (void*)&result);
> + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
> + num_valid_negative_strs[i].str,
> + (void*)&result, sizeof(result));
>
> /* if it should have passed but didn't, or if it should have failed but didn't */
> if ((ret < 0) == (can_parse_signed(num_valid_negative_strs[i].result, type) > 0)) {
> @@ -542,8 +545,9 @@ test_parse_num_valid(void)
> cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
> buf, sizeof(buf));
>
> - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_garbage_positive_strs[i].str,
> - (void*)&result);
> + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
> + num_garbage_positive_strs[i].str,
> + (void*)&result, sizeof(result));
>
> /* if it should have passed but didn't, or if it should have failed but didn't */
> if ((ret < 0) == (can_parse_unsigned(num_garbage_positive_strs[i].result, type) > 0)) {
> @@ -569,8 +573,9 @@ test_parse_num_valid(void)
> cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
> buf, sizeof(buf));
>
> - ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_garbage_negative_strs[i].str,
> - (void*)&result);
> + ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
> + num_garbage_negative_strs[i].str,
> + (void*)&result, sizeof(result));
>
> /* if it should have passed but didn't, or if it should have failed but didn't */
> if ((ret < 0) == (can_parse_signed(num_garbage_negative_strs[i].result, type) > 0)) {
> diff --git a/app/test/test_cmdline_portlist.c b/app/test/test_cmdline_portlist.c
> index 9f9633c..b9664b0 100644
> --- a/app/test/test_cmdline_portlist.c
> +++ b/app/test/test_cmdline_portlist.c
> @@ -139,21 +139,22 @@ test_parse_portlist_invalid_param(void)
> memset(&result, 0, sizeof(cmdline_portlist_t));
>
> /* try all null */
> - ret = cmdline_parse_portlist(NULL, NULL, NULL);
> + ret = cmdline_parse_portlist(NULL, NULL, NULL, 0);
> if (ret != -1) {
> printf("Error: parser accepted null parameters!\n");
> return -1;
> }
>
> /* try null buf */
> - ret = cmdline_parse_portlist(NULL, NULL, (void*)&result);
> + ret = cmdline_parse_portlist(NULL, NULL, (void*)&result,
> + sizeof(result));
> if (ret != -1) {
> printf("Error: parser accepted null string!\n");
> return -1;
> }
>
> /* try null result */
> - ret = cmdline_parse_portlist(NULL, portlist_valid_strs[0].str, NULL);
> + ret = cmdline_parse_portlist(NULL, portlist_valid_strs[0].str, NULL, 0);
> if (ret == -1) {
> printf("Error: parser rejected null result!\n");
> return -1;
> @@ -188,7 +189,7 @@ test_parse_portlist_invalid_data(void)
> memset(&result, 0, sizeof(cmdline_portlist_t));
>
> ret = cmdline_parse_portlist(NULL, portlist_invalid_strs[i],
> - (void*)&result);
> + (void*)&result, sizeof(result));
> if (ret != -1) {
> printf("Error: parsing %s succeeded!\n",
> portlist_invalid_strs[i]);
> @@ -213,7 +214,7 @@ test_parse_portlist_valid(void)
> memset(&result, 0, sizeof(cmdline_portlist_t));
>
> ret = cmdline_parse_portlist(NULL, portlist_valid_strs[i].str,
> - (void*)&result);
> + (void*)&result, sizeof(result));
> if (ret < 0) {
> printf("Error: parsing %s failed!\n",
> portlist_valid_strs[i].str);
> @@ -232,7 +233,7 @@ test_parse_portlist_valid(void)
> memset(&result, 0, sizeof(cmdline_portlist_t));
>
> ret = cmdline_parse_portlist(NULL, portlist_garbage_strs[i],
> - (void*)&result);
> + (void*)&result, sizeof(result));
> if (ret < 0) {
> printf("Error: parsing %s failed!\n",
> portlist_garbage_strs[i]);
> diff --git a/app/test/test_cmdline_string.c b/app/test/test_cmdline_string.c
> index 3ec0ce1..915a7d7 100644
> --- a/app/test/test_cmdline_string.c
> +++ b/app/test/test_cmdline_string.c
> @@ -178,7 +178,7 @@ test_parse_string_invalid_param(void)
> printf("Error: function accepted null token!\n");
> return -1;
> }
> - if (cmdline_parse_string(NULL, buf, NULL) != -1) {
> + if (cmdline_parse_string(NULL, buf, NULL, 0) != -1) {
> printf("Error: function accepted null token!\n");
> return -1;
> }
> @@ -189,7 +189,8 @@ test_parse_string_invalid_param(void)
> return -1;
> }
> if (cmdline_parse_string(
> - (cmdline_parse_token_hdr_t*)&token, NULL, (void*)&result) != -1) {
> + (cmdline_parse_token_hdr_t*)&token, NULL,
> + (void*)&result, sizeof(result)) != -1) {
> printf("Error: function accepted null buffer!\n");
> return -1;
> }
> @@ -200,7 +201,7 @@ test_parse_string_invalid_param(void)
> }
> /* test null result */
> if (cmdline_parse_string(
> - (cmdline_parse_token_hdr_t*)&token, buf, NULL) == -1) {
> + (cmdline_parse_token_hdr_t*)&token, buf, NULL, 0) == -1) {
> printf("Error: function rejected null result!\n");
> return -1;
> }
> @@ -233,7 +234,8 @@ test_parse_string_invalid_data(void)
> token.string_data.str = string_invalid_strs[i].fixed_str;
>
> if (cmdline_parse_string((cmdline_parse_token_hdr_t*)&token,
> - string_invalid_strs[i].str, (void*)buf) != -1) {
> + string_invalid_strs[i].str, (void*)buf,
> + sizeof(buf)) != -1) {
> memset(help_str, 0, sizeof(help_str));
> memset(&help_token, 0, sizeof(help_token));
>
> @@ -330,7 +332,8 @@ test_parse_string_valid(void)
> token.string_data.str = string_parse_strs[i].fixed_str;
>
> if (cmdline_parse_string((cmdline_parse_token_hdr_t*)&token,
> - string_parse_strs[i].str, (void*)buf) < 0) {
> + string_parse_strs[i].str, (void*)buf,
> + sizeof(buf)) < 0) {
>
> /* clean help data */
> memset(&help_token, 0, sizeof(help_token));
> diff --git a/examples/cmdline/parse_obj_list.c b/examples/cmdline/parse_obj_list.c
> index 2625ca3..cdbaf2f 100644
> --- a/examples/cmdline/parse_obj_list.c
> +++ b/examples/cmdline/parse_obj_list.c
> @@ -84,7 +84,8 @@ struct cmdline_token_ops token_obj_list_ops = {
> };
>
> int
> -parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
> +parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
> + unsigned ressize)
> {
> struct token_obj_list *tk2 = (struct token_obj_list *)tk;
> struct token_obj_list_data *tkd = &tk2->obj_list_data;
> @@ -94,6 +95,9 @@ parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
> if (*buf == 0)
> return -1;
>
> + if (res && ressize < sizeof(struct object *))
> + return -1;
> +
> while(!cmdline_isendoftoken(buf[token_len]))
> token_len++;
>
> diff --git a/examples/cmdline/parse_obj_list.h b/examples/cmdline/parse_obj_list.h
> index 297fec4..871c53a 100644
> --- a/examples/cmdline/parse_obj_list.h
> +++ b/examples/cmdline/parse_obj_list.h
> @@ -91,7 +91,8 @@ typedef struct token_obj_list parse_token_obj_list_t;
>
> extern struct cmdline_token_ops token_obj_list_ops;
>
> -int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res);
> +int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res,
> + unsigned ressize);
> int complete_get_nb_obj_list(cmdline_parse_token_hdr_t *tk);
> int complete_get_elt_obj_list(cmdline_parse_token_hdr_t *tk, int idx,
> char *dstbuf, unsigned int size);
> diff --git a/examples/vhost_xen/xenstore_parse.c b/examples/vhost_xen/xenstore_parse.c
> index fdd69b2..9441639 100644
> --- a/examples/vhost_xen/xenstore_parse.c
> +++ b/examples/vhost_xen/xenstore_parse.c
> @@ -77,7 +77,7 @@ struct grant_node_item {
> } __attribute__((packed));
>
> int cmdline_parse_etheraddr(void *tk, const char *srcbuf,
> - void *res);
> + void *res, unsigned ressize);
>
> /* Map grant ref refid at addr_ori*/
> static void *
> @@ -676,7 +676,8 @@ xen_parse_etheraddr(struct xen_vring *vring)
> if ((buf = xen_read_node(path, &len)) == NULL)
> goto out;
>
> - if (cmdline_parse_etheraddr(NULL, buf, &vring->addr) < 0)
> + if (cmdline_parse_etheraddr(NULL, buf, &vring->addr,
> + sizeof(vring->addr)) < 0)
> goto out;
> ret = 0;
> out:
> diff --git a/lib/librte_cmdline/cmdline_parse.c b/lib/librte_cmdline/cmdline_parse.c
> index 940480d..dfc885c 100644
> --- a/lib/librte_cmdline/cmdline_parse.c
> +++ b/lib/librte_cmdline/cmdline_parse.c
> @@ -138,7 +138,7 @@ nb_common_chars(const char * s1, const char * s2)
> */
> static int
> match_inst(cmdline_parse_inst_t *inst, const char *buf,
> - unsigned int nb_match_token, void * result_buf)
> + unsigned int nb_match_token, void *resbuf, unsigned resbuf_size)
> {
> unsigned int token_num=0;
> cmdline_parse_token_hdr_t * token_p;
> @@ -162,12 +162,23 @@ match_inst(cmdline_parse_inst_t *inst, const char *buf,
> if ( isendofline(*buf) || iscomment(*buf) )
> break;
>
> - if (result_buf)
> - n = token_hdr.ops->parse(token_p, buf,
> - (char *)result_buf +
> - token_hdr.offset);
> - else
> - n = token_hdr.ops->parse(token_p, buf, NULL);
> + if (resbuf == NULL) {
> + n = token_hdr.ops->parse(token_p, buf, NULL, 0);
> + } else {
> + unsigned rb_sz;
> +
> + if (token_hdr.offset > resbuf_size) {
> + printf("Parse error(%s:%d): Token offset(%u) "
> + "exceeds maximum size(%u)\n",
> + __FILE__, __LINE__,
> + token_hdr.offset, resbuf_size);
> + return -ENOBUFS;
> + }
> + rb_sz = resbuf_size - token_hdr.offset;
> +
> + n = token_hdr.ops->parse(token_p, buf, (char *)resbuf +
> + token_hdr.offset, rb_sz);
> + }
>
> if (n < 0)
> break;
> @@ -219,7 +230,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
> unsigned int inst_num=0;
> cmdline_parse_inst_t *inst;
> const char *curbuf;
> - char result_buf[BUFSIZ];
> + char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];
> void (*f)(void *, struct cmdline *, void *) = NULL;
> void *data = NULL;
> int comment = 0;
> @@ -280,7 +291,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
> debug_printf("INST %d\n", inst_num);
>
> /* fully parsed */
> - tok = match_inst(inst, buf, 0, result_buf);
> + tok = match_inst(inst, buf, 0, result_buf, sizeof(result_buf));
>
> if (tok > 0) /* we matched at least one token */
> err = CMDLINE_PARSE_BAD_ARGS;
> @@ -377,10 +388,10 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,
> inst = ctx[inst_num];
> while (inst) {
> /* parse the first tokens of the inst */
> - if (nb_token && match_inst(inst, buf, nb_token, NULL))
> + if (nb_token && match_inst(inst, buf, nb_token, NULL, 0))
> goto next;
>
> - debug_printf("instruction match \n");
> + debug_printf("instruction match\n");
> token_p = inst->tokens[nb_token];
> if (token_p)
> memcpy(&token_hdr, token_p, sizeof(token_hdr));
> @@ -471,7 +482,7 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,
> /* we need to redo it */
> inst = ctx[inst_num];
>
> - if (nb_token && match_inst(inst, buf, nb_token, NULL))
> + if (nb_token && match_inst(inst, buf, nb_token, NULL, 0))
> goto next2;
>
> token_p = inst->tokens[nb_token];
> diff --git a/lib/librte_cmdline/cmdline_parse.h b/lib/librte_cmdline/cmdline_parse.h
> index f18836d..4b25c45 100644
> --- a/lib/librte_cmdline/cmdline_parse.h
> +++ b/lib/librte_cmdline/cmdline_parse.h
> @@ -80,6 +80,9 @@ extern "C" {
> #define CMDLINE_PARSE_COMPLETE_AGAIN 1
> #define CMDLINE_PARSE_COMPLETED_BUFFER 2
>
> +/* maximum buffer size for parsed result */
> +#define CMDLINE_PARSE_RESULT_BUFSIZE 8192
> +
> /**
> * Stores a pointer to the ops struct, and the offset: the place to
> * write the parsed result in the destination structure.
> @@ -110,12 +113,14 @@ typedef struct cmdline_token_hdr cmdline_parse_token_hdr_t;
> * -1 on error and 0 on success.
> */
> struct cmdline_token_ops {
> - /** parse(token ptr, buf, res pts) */
> - int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *);
> + /** parse(token ptr, buf, res pts, buf len) */
> + int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *,
> + unsigned int);
> /** return the num of possible choices for this token */
> int (*complete_get_nb)(cmdline_parse_token_hdr_t *);
> /** return the elt x for this token (token, idx, dstbuf, size) */
> - int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *, unsigned int);
> + int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *,
> + unsigned int);
> /** get help for this token (token, dstbuf, size) */
> int (*get_help)(cmdline_parse_token_hdr_t *, char *, unsigned int);
> };
> diff --git a/lib/librte_cmdline/cmdline_parse_etheraddr.c b/lib/librte_cmdline/cmdline_parse_etheraddr.c
> index 5285c40..64ae86c 100644
> --- a/lib/librte_cmdline/cmdline_parse_etheraddr.c
> +++ b/lib/librte_cmdline/cmdline_parse_etheraddr.c
> @@ -137,12 +137,15 @@ my_ether_aton(const char *a)
>
> int
> cmdline_parse_etheraddr(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
> - const char *buf, void *res)
> + const char *buf, void *res, unsigned ressize)
> {
> unsigned int token_len = 0;
> char ether_str[ETHER_ADDRSTRLENLONG+1];
> struct ether_addr *tmp;
>
> + if (res && ressize < sizeof(struct ether_addr))
> + return -1;
> +
> if (!buf || ! *buf)
> return -1;
>
> diff --git a/lib/librte_cmdline/cmdline_parse_etheraddr.h b/lib/librte_cmdline/cmdline_parse_etheraddr.h
> index 4427e40..0085bb3 100644
> --- a/lib/librte_cmdline/cmdline_parse_etheraddr.h
> +++ b/lib/librte_cmdline/cmdline_parse_etheraddr.h
> @@ -73,9 +73,9 @@ typedef struct cmdline_token_etheraddr cmdline_parse_token_etheraddr_t;
> extern struct cmdline_token_ops cmdline_token_etheraddr_ops;
>
> int cmdline_parse_etheraddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
> - void *res);
> + void *res, unsigned ressize);
> int cmdline_get_help_etheraddr(cmdline_parse_token_hdr_t *tk, char *dstbuf,
> - unsigned int size);
> + unsigned int size);
>
> #define TOKEN_ETHERADDR_INITIALIZER(structure, field) \
> { \
> diff --git a/lib/librte_cmdline/cmdline_parse_ipaddr.c b/lib/librte_cmdline/cmdline_parse_ipaddr.c
> index ac83514..7f33599 100644
> --- a/lib/librte_cmdline/cmdline_parse_ipaddr.c
> +++ b/lib/librte_cmdline/cmdline_parse_ipaddr.c
> @@ -306,7 +306,8 @@ inet_pton6(const char *src, unsigned char *dst)
> }
>
> int
> -cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
> +cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
> + unsigned ressize)
> {
> struct cmdline_token_ipaddr *tk2;
> unsigned int token_len = 0;
> @@ -315,6 +316,9 @@ cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
> char *prefix, *prefix_end;
> long prefixlen = 0;
>
> + if (res && ressize < sizeof(cmdline_ipaddr_t))
> + return -1;
> +
> if (!buf || !tk || ! *buf)
> return -1;
>
> diff --git a/lib/librte_cmdline/cmdline_parse_ipaddr.h b/lib/librte_cmdline/cmdline_parse_ipaddr.h
> index 0e2f490..296c374 100644
> --- a/lib/librte_cmdline/cmdline_parse_ipaddr.h
> +++ b/lib/librte_cmdline/cmdline_parse_ipaddr.h
> @@ -92,9 +92,9 @@ typedef struct cmdline_token_ipaddr cmdline_parse_token_ipaddr_t;
> extern struct cmdline_token_ops cmdline_token_ipaddr_ops;
>
> int cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
> - void *res);
> + void *res, unsigned ressize);
> int cmdline_get_help_ipaddr(cmdline_parse_token_hdr_t *tk, char *dstbuf,
> - unsigned int size);
> + unsigned int size);
>
> #define TOKEN_IPADDR_INITIALIZER(structure, field) \
> { \
> diff --git a/lib/librte_cmdline/cmdline_parse_num.c b/lib/librte_cmdline/cmdline_parse_num.c
> index 0b9e4d0..1cf53d9 100644
> --- a/lib/librte_cmdline/cmdline_parse_num.c
> +++ b/lib/librte_cmdline/cmdline_parse_num.c
> @@ -119,10 +119,40 @@ add_to_res(unsigned int c, uint64_t *res, unsigned int base)
> return 0;
> }
>
> +static int
> +check_res_size(struct cmdline_token_num_data *nd, unsigned ressize)
> +{
> + switch (nd->type) {
> + case INT8:
> + case UINT8:
> + if (ressize < sizeof(int8_t))
> + return -1;
> + break;
> + case INT16:
> + case UINT16:
> + if (ressize < sizeof(int16_t))
> + return -1;
> + break;
> + case INT32:
> + case UINT32:
> + if (ressize < sizeof(int32_t))
> + return -1;
> + break;
> + case INT64:
> + case UINT64:
> + if (ressize < sizeof(int64_t))
> + return -1;
> + break;
> + default:
> + return -1;
> + }
> + return 0;
> +}
>
> /* parse an int */
> int
> -cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res)
> +cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res,
> + unsigned ressize)
> {
> struct cmdline_token_num_data nd;
> enum num_parse_state_t st = START;
> @@ -141,6 +171,12 @@ cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res)
>
> memcpy(&nd, &((struct cmdline_token_num *)tk)->num_data, sizeof(nd));
>
> + /* check that we have enough room in res */
> + if (res) {
> + if (check_res_size(&nd, ressize) < 0)
> + return -1;
> + }
> +
> while ( st != ERROR && c && ! cmdline_isendoftoken(c) ) {
> debug_printf("%c %x -> ", c, c);
> switch (st) {
> diff --git a/lib/librte_cmdline/cmdline_parse_num.h b/lib/librte_cmdline/cmdline_parse_num.h
> index 77f2f9b..5376806 100644
> --- a/lib/librte_cmdline/cmdline_parse_num.h
> +++ b/lib/librte_cmdline/cmdline_parse_num.h
> @@ -89,9 +89,9 @@ typedef struct cmdline_token_num cmdline_parse_token_num_t;
> extern struct cmdline_token_ops cmdline_token_num_ops;
>
> int cmdline_parse_num(cmdline_parse_token_hdr_t *tk,
> - const char *srcbuf, void *res);
> + const char *srcbuf, void *res, unsigned ressize);
> int cmdline_get_help_num(cmdline_parse_token_hdr_t *tk,
> - char *dstbuf, unsigned int size);
> + char *dstbuf, unsigned int size);
>
> #define TOKEN_NUM_INITIALIZER(structure, field, numtype) \
> { \
> diff --git a/lib/librte_cmdline/cmdline_parse_portlist.c b/lib/librte_cmdline/cmdline_parse_portlist.c
> index 7eac05c..834f2e6 100644
> --- a/lib/librte_cmdline/cmdline_parse_portlist.c
> +++ b/lib/librte_cmdline/cmdline_parse_portlist.c
> @@ -127,7 +127,7 @@ parse_ports(cmdline_portlist_t * pl, const char * str)
>
> int
> cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
> - const char *buf, void *res)
> + const char *buf, void *res, unsigned ressize)
> {
> unsigned int token_len = 0;
> char portlist_str[PORTLIST_TOKEN_SIZE+1];
> @@ -136,6 +136,9 @@ cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
> if (!buf || ! *buf)
> return (-1);
>
> + if (res && ressize < PORTLIST_TOKEN_SIZE)
> + return -1;
> +
> pl = res;
>
> while (!cmdline_isendoftoken(buf[token_len]) &&
> diff --git a/lib/librte_cmdline/cmdline_parse_portlist.h b/lib/librte_cmdline/cmdline_parse_portlist.h
> index 6fdc406..8505059 100644
> --- a/lib/librte_cmdline/cmdline_parse_portlist.h
> +++ b/lib/librte_cmdline/cmdline_parse_portlist.h
> @@ -81,9 +81,9 @@ typedef struct cmdline_token_portlist cmdline_parse_token_portlist_t;
> extern struct cmdline_token_ops cmdline_token_portlist_ops;
>
> int cmdline_parse_portlist(cmdline_parse_token_hdr_t *tk,
> - const char *srcbuf, void *res);
> + const char *srcbuf, void *res, unsigned ressize);
> int cmdline_get_help_portlist(cmdline_parse_token_hdr_t *tk,
> - char *dstbuf, unsigned int size);
> + char *dstbuf, unsigned int size);
>
> #define TOKEN_PORTLIST_INITIALIZER(structure, field) \
> { \
> diff --git a/lib/librte_cmdline/cmdline_parse_string.c b/lib/librte_cmdline/cmdline_parse_string.c
> index b1bfe91..45883b3 100644
> --- a/lib/librte_cmdline/cmdline_parse_string.c
> +++ b/lib/librte_cmdline/cmdline_parse_string.c
> @@ -105,13 +105,17 @@ get_next_token(const char *s)
> }
>
> int
> -cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
> +cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
> + unsigned ressize)
> {
> struct cmdline_token_string *tk2;
> struct cmdline_token_string_data *sd;
> unsigned int token_len;
> const char *str;
>
> + if (res && ressize < STR_TOKEN_SIZE)
> + return -1;
> +
> if (!tk || !buf || ! *buf)
> return -1;
>
> diff --git a/lib/librte_cmdline/cmdline_parse_string.h b/lib/librte_cmdline/cmdline_parse_string.h
> index 52c916c..c205622 100644
> --- a/lib/librte_cmdline/cmdline_parse_string.h
> +++ b/lib/librte_cmdline/cmdline_parse_string.h
> @@ -83,7 +83,7 @@ typedef struct cmdline_token_string cmdline_parse_token_string_t;
> extern struct cmdline_token_ops cmdline_token_string_ops;
>
> int cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
> - void *res);
> + void *res, unsigned ressize);
> int cmdline_complete_get_nb_string(cmdline_parse_token_hdr_t *tk);
> int cmdline_complete_get_elt_string(cmdline_parse_token_hdr_t *tk, int idx,
> char *dstbuf, unsigned int size);
> diff --git a/lib/librte_pmd_bond/rte_eth_bond_args.c b/lib/librte_pmd_bond/rte_eth_bond_args.c
> index 4114833..ca4de38 100644
> --- a/lib/librte_pmd_bond/rte_eth_bond_args.c
> +++ b/lib/librte_pmd_bond/rte_eth_bond_args.c
> @@ -254,7 +254,8 @@ bond_ethdev_parse_bond_mac_addr_kvarg(const char *key __rte_unused,
> return -1;
>
> /* Parse MAC */
> - return cmdline_parse_etheraddr(NULL, value, extra_args);
> + return cmdline_parse_etheraddr(NULL, value, extra_args,
> + sizeof(struct ether_addr));
> }
>
> int
> --
> 2.1.0
>
> > When using test-pmd with flow director in FreeBSD, the application will
> > segfault/Bus error while parsing the command-line. This is due to how
> > each commands result structure is represented during parsing, where the offsets
> > for each tokens value is stored in a character array(char result_buf[BUFSIZ])
> > in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c).
> >
> > The overflow occurs where BUFSIZ is less than the size of a commands result
> > structure, in this case "struct cmd_pkt_filter_result"
> > (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as
> > opposed to 8192 bytes on Linux.
> >
> > The problem can be reproduced by running test-pmd on FreeBSD:
> > ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect
> > And adding a filter:
> > add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes
> > 0x800 vlan 0 queue 0 soft 0x17
> >
> > This patch removes the OS dependency on BUFSIZ and defines and uses a
> > library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192
> >
> > Added boundary checking to ensure this buffer size cannot overflow, with
> > an error message being produced.
> >
> > Suggested-by: Olivier MATZ <olivier.matz@6wind.com>
> > http://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f
> >
> > Signed-off-by: Alan Carew <alan.carew@intel.com>
> > Signed-off-by: Olivier MATZ <olivier.matz@6wind.com>
>
> Tested on FreeBSD 10 and this patch fixes the issue described.
>
> Tested-by: Bruce Richardson <bruce.richardson@intel.com>
Applied
Thank you all
@@ -223,7 +223,8 @@ init_peer_eth_addrs(char *config_filename)
if (fgets(buf, sizeof(buf), config_file) == NULL)
break;
- if (cmdline_parse_etheraddr(NULL, buf, &peer_eth_addrs[i]) < 0 ){
+ if (cmdline_parse_etheraddr(NULL, buf, &peer_eth_addrs[i],
+ sizeof(peer_eth_addrs[i])) < 0 ){
printf("Bad MAC address format on line %d\n", i+1);
fclose(config_file);
return -1;
@@ -658,7 +659,8 @@ launch_args_parse(int argc, char** argv)
"eth-peer: port %d >= RTE_MAX_ETHPORTS(%d)\n",
n, RTE_MAX_ETHPORTS);
- if (cmdline_parse_etheraddr(NULL, port_end, &peer_addr) < 0 )
+ if (cmdline_parse_etheraddr(NULL, port_end,
+ &peer_addr, sizeof(peer_addr)) < 0 )
rte_exit(EXIT_FAILURE,
"Invalid ethernet address: %s\n",
port_end);
@@ -130,14 +130,15 @@ test_parse_etheraddr_invalid_param(void)
int ret = 0;
/* try all null */
- ret = cmdline_parse_etheraddr(NULL, NULL, NULL);
+ ret = cmdline_parse_etheraddr(NULL, NULL, NULL, 0);
if (ret != -1) {
printf("Error: parser accepted null parameters!\n");
return -1;
}
/* try null buf */
- ret = cmdline_parse_etheraddr(NULL, NULL, (void*)&result);
+ ret = cmdline_parse_etheraddr(NULL, NULL, (void*)&result,
+ sizeof(result));
if (ret != -1) {
printf("Error: parser accepted null string!\n");
return -1;
@@ -149,7 +150,7 @@ test_parse_etheraddr_invalid_param(void)
snprintf(buf, sizeof(buf), "%s",
ether_addr_valid_strs[0].str);
- ret = cmdline_parse_etheraddr(NULL, buf, NULL);
+ ret = cmdline_parse_etheraddr(NULL, buf, NULL, 0);
if (ret == -1) {
printf("Error: parser rejected null result!\n");
return -1;
@@ -185,7 +186,7 @@ test_parse_etheraddr_invalid_data(void)
memset(&result, 0, sizeof(struct ether_addr));
ret = cmdline_parse_etheraddr(NULL, ether_addr_invalid_strs[i],
- (void*)&result);
+ (void*)&result, sizeof(result));
if (ret != -1) {
printf("Error: parsing %s succeeded!\n",
ether_addr_invalid_strs[i]);
@@ -210,7 +211,7 @@ test_parse_etheraddr_valid(void)
memset(&result, 0, sizeof(struct ether_addr));
ret = cmdline_parse_etheraddr(NULL, ether_addr_valid_strs[i].str,
- (void*)&result);
+ (void*)&result, sizeof(result));
if (ret < 0) {
printf("Error: parsing %s failed!\n",
ether_addr_valid_strs[i].str);
@@ -229,7 +230,7 @@ test_parse_etheraddr_valid(void)
memset(&result, 0, sizeof(struct ether_addr));
ret = cmdline_parse_etheraddr(NULL, ether_addr_garbage_strs[i],
- (void*)&result);
+ (void*)&result, sizeof(result));
if (ret < 0) {
printf("Error: parsing %s failed!\n",
ether_addr_garbage_strs[i]);
@@ -425,7 +425,8 @@ test_parse_ipaddr_valid(void)
buf, sizeof(buf));
ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- ipaddr_valid_strs[i].str, (void*)&result);
+ ipaddr_valid_strs[i].str, (void*)&result,
+ sizeof(result));
/* if should have passed, or should have failed */
if ((ret < 0) ==
@@ -474,7 +475,8 @@ test_parse_ipaddr_valid(void)
buf, sizeof(buf));
ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- ipaddr_garbage_addr4_strs[i], (void*)&result);
+ ipaddr_garbage_addr4_strs[i], (void*)&result,
+ sizeof(result));
/* if should have passed, or should have failed */
if ((ret < 0) ==
@@ -515,7 +517,8 @@ test_parse_ipaddr_valid(void)
buf, sizeof(buf));
ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- ipaddr_garbage_addr6_strs[i], (void*)&result);
+ ipaddr_garbage_addr6_strs[i], (void*)&result,
+ sizeof(result));
/* if should have passed, or should have failed */
if ((ret < 0) ==
@@ -557,7 +560,8 @@ test_parse_ipaddr_valid(void)
buf, sizeof(buf));
ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- ipaddr_garbage_network4_strs[i], (void*)&result);
+ ipaddr_garbage_network4_strs[i], (void*)&result,
+ sizeof(result));
/* if should have passed, or should have failed */
if ((ret < 0) ==
@@ -598,7 +602,8 @@ test_parse_ipaddr_valid(void)
buf, sizeof(buf));
ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- ipaddr_garbage_network6_strs[i], (void*)&result);
+ ipaddr_garbage_network6_strs[i], (void*)&result,
+ sizeof(result));
/* if should have passed, or should have failed */
if ((ret < 0) ==
@@ -651,7 +656,8 @@ test_parse_ipaddr_invalid_data(void)
buf, sizeof(buf));
ret = cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- ipaddr_invalid_strs[i], (void*)&result);
+ ipaddr_invalid_strs[i], (void*)&result,
+ sizeof(result));
if (ret != -1) {
printf("Error: parsing %s as %s succeeded!\n",
@@ -677,25 +683,26 @@ test_parse_ipaddr_invalid_param(void)
token.ipaddr_data.flags = CMDLINE_IPADDR_V4;
/* null token */
- if (cmdline_parse_ipaddr(NULL, buf, (void*)&result) != -1) {
+ if (cmdline_parse_ipaddr(NULL, buf, (void*)&result,
+ sizeof(result)) != -1) {
printf("Error: parser accepted invalid parameters!\n");
return -1;
}
/* null buffer */
if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- NULL, (void*)&result) != -1) {
+ NULL, (void*)&result, sizeof(result)) != -1) {
printf("Error: parser accepted invalid parameters!\n");
return -1;
}
/* empty buffer */
if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- "", (void*)&result) != -1) {
+ "", (void*)&result, sizeof(result)) != -1) {
printf("Error: parser accepted invalid parameters!\n");
return -1;
}
/* null result */
if (cmdline_parse_ipaddr((cmdline_parse_token_hdr_t*)&token,
- buf, NULL) == -1) {
+ buf, NULL, 0) == -1) {
printf("Error: parser rejected null result!\n");
return -1;
}
@@ -350,14 +350,14 @@ test_parse_num_invalid_param(void)
num_valid_positive_strs[0].str);
/* try all null */
- ret = cmdline_parse_num(NULL, NULL, NULL);
+ ret = cmdline_parse_num(NULL, NULL, NULL, 0);
if (ret != -1) {
printf("Error: parser accepted null parameters!\n");
return -1;
}
/* try null token */
- ret = cmdline_parse_num(NULL, buf, (void*)&result);
+ ret = cmdline_parse_num(NULL, buf, (void*)&result, sizeof(result));
if (ret != -1) {
printf("Error: parser accepted null token!\n");
return -1;
@@ -365,14 +365,15 @@ test_parse_num_invalid_param(void)
/* try null buf */
ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, NULL,
- (void*)&result);
+ (void*)&result, sizeof(result));
if (ret != -1) {
printf("Error: parser accepted null string!\n");
return -1;
}
/* try null result */
- ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, buf, NULL);
+ ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token, buf,
+ NULL, 0);
if (ret == -1) {
printf("Error: parser rejected null result!\n");
return -1;
@@ -426,7 +427,7 @@ test_parse_num_invalid_data(void)
memset(&buf, 0, sizeof(buf));
ret = cmdline_parse_num((cmdline_parse_token_hdr_t*)&token,
- num_invalid_strs[i], (void*)&result);
+ num_invalid_strs[i], (void*)&result, sizeof(result));
if (ret != -1) {
/* get some info about what we are trying to parse */
cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
@@ -466,8 +467,9 @@ test_parse_num_valid(void)
cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
buf, sizeof(buf));
- ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_valid_positive_strs[i].str,
- (void*)&result);
+ ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
+ num_valid_positive_strs[i].str,
+ (void*)&result, sizeof(result));
/* if it should have passed but didn't, or if it should have failed but didn't */
if ((ret < 0) == (can_parse_unsigned(num_valid_positive_strs[i].result, type) > 0)) {
@@ -493,8 +495,9 @@ test_parse_num_valid(void)
cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
buf, sizeof(buf));
- ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_valid_negative_strs[i].str,
- (void*)&result);
+ ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
+ num_valid_negative_strs[i].str,
+ (void*)&result, sizeof(result));
/* if it should have passed but didn't, or if it should have failed but didn't */
if ((ret < 0) == (can_parse_signed(num_valid_negative_strs[i].result, type) > 0)) {
@@ -542,8 +545,9 @@ test_parse_num_valid(void)
cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
buf, sizeof(buf));
- ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_garbage_positive_strs[i].str,
- (void*)&result);
+ ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
+ num_garbage_positive_strs[i].str,
+ (void*)&result, sizeof(result));
/* if it should have passed but didn't, or if it should have failed but didn't */
if ((ret < 0) == (can_parse_unsigned(num_garbage_positive_strs[i].result, type) > 0)) {
@@ -569,8 +573,9 @@ test_parse_num_valid(void)
cmdline_get_help_num((cmdline_parse_token_hdr_t*)&token,
buf, sizeof(buf));
- ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token, num_garbage_negative_strs[i].str,
- (void*)&result);
+ ret = cmdline_parse_num((cmdline_parse_token_hdr_t*) &token,
+ num_garbage_negative_strs[i].str,
+ (void*)&result, sizeof(result));
/* if it should have passed but didn't, or if it should have failed but didn't */
if ((ret < 0) == (can_parse_signed(num_garbage_negative_strs[i].result, type) > 0)) {
@@ -139,21 +139,22 @@ test_parse_portlist_invalid_param(void)
memset(&result, 0, sizeof(cmdline_portlist_t));
/* try all null */
- ret = cmdline_parse_portlist(NULL, NULL, NULL);
+ ret = cmdline_parse_portlist(NULL, NULL, NULL, 0);
if (ret != -1) {
printf("Error: parser accepted null parameters!\n");
return -1;
}
/* try null buf */
- ret = cmdline_parse_portlist(NULL, NULL, (void*)&result);
+ ret = cmdline_parse_portlist(NULL, NULL, (void*)&result,
+ sizeof(result));
if (ret != -1) {
printf("Error: parser accepted null string!\n");
return -1;
}
/* try null result */
- ret = cmdline_parse_portlist(NULL, portlist_valid_strs[0].str, NULL);
+ ret = cmdline_parse_portlist(NULL, portlist_valid_strs[0].str, NULL, 0);
if (ret == -1) {
printf("Error: parser rejected null result!\n");
return -1;
@@ -188,7 +189,7 @@ test_parse_portlist_invalid_data(void)
memset(&result, 0, sizeof(cmdline_portlist_t));
ret = cmdline_parse_portlist(NULL, portlist_invalid_strs[i],
- (void*)&result);
+ (void*)&result, sizeof(result));
if (ret != -1) {
printf("Error: parsing %s succeeded!\n",
portlist_invalid_strs[i]);
@@ -213,7 +214,7 @@ test_parse_portlist_valid(void)
memset(&result, 0, sizeof(cmdline_portlist_t));
ret = cmdline_parse_portlist(NULL, portlist_valid_strs[i].str,
- (void*)&result);
+ (void*)&result, sizeof(result));
if (ret < 0) {
printf("Error: parsing %s failed!\n",
portlist_valid_strs[i].str);
@@ -232,7 +233,7 @@ test_parse_portlist_valid(void)
memset(&result, 0, sizeof(cmdline_portlist_t));
ret = cmdline_parse_portlist(NULL, portlist_garbage_strs[i],
- (void*)&result);
+ (void*)&result, sizeof(result));
if (ret < 0) {
printf("Error: parsing %s failed!\n",
portlist_garbage_strs[i]);
@@ -178,7 +178,7 @@ test_parse_string_invalid_param(void)
printf("Error: function accepted null token!\n");
return -1;
}
- if (cmdline_parse_string(NULL, buf, NULL) != -1) {
+ if (cmdline_parse_string(NULL, buf, NULL, 0) != -1) {
printf("Error: function accepted null token!\n");
return -1;
}
@@ -189,7 +189,8 @@ test_parse_string_invalid_param(void)
return -1;
}
if (cmdline_parse_string(
- (cmdline_parse_token_hdr_t*)&token, NULL, (void*)&result) != -1) {
+ (cmdline_parse_token_hdr_t*)&token, NULL,
+ (void*)&result, sizeof(result)) != -1) {
printf("Error: function accepted null buffer!\n");
return -1;
}
@@ -200,7 +201,7 @@ test_parse_string_invalid_param(void)
}
/* test null result */
if (cmdline_parse_string(
- (cmdline_parse_token_hdr_t*)&token, buf, NULL) == -1) {
+ (cmdline_parse_token_hdr_t*)&token, buf, NULL, 0) == -1) {
printf("Error: function rejected null result!\n");
return -1;
}
@@ -233,7 +234,8 @@ test_parse_string_invalid_data(void)
token.string_data.str = string_invalid_strs[i].fixed_str;
if (cmdline_parse_string((cmdline_parse_token_hdr_t*)&token,
- string_invalid_strs[i].str, (void*)buf) != -1) {
+ string_invalid_strs[i].str, (void*)buf,
+ sizeof(buf)) != -1) {
memset(help_str, 0, sizeof(help_str));
memset(&help_token, 0, sizeof(help_token));
@@ -330,7 +332,8 @@ test_parse_string_valid(void)
token.string_data.str = string_parse_strs[i].fixed_str;
if (cmdline_parse_string((cmdline_parse_token_hdr_t*)&token,
- string_parse_strs[i].str, (void*)buf) < 0) {
+ string_parse_strs[i].str, (void*)buf,
+ sizeof(buf)) < 0) {
/* clean help data */
memset(&help_token, 0, sizeof(help_token));
@@ -84,7 +84,8 @@ struct cmdline_token_ops token_obj_list_ops = {
};
int
-parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+ unsigned ressize)
{
struct token_obj_list *tk2 = (struct token_obj_list *)tk;
struct token_obj_list_data *tkd = &tk2->obj_list_data;
@@ -94,6 +95,9 @@ parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
if (*buf == 0)
return -1;
+ if (res && ressize < sizeof(struct object *))
+ return -1;
+
while(!cmdline_isendoftoken(buf[token_len]))
token_len++;
@@ -91,7 +91,8 @@ typedef struct token_obj_list parse_token_obj_list_t;
extern struct cmdline_token_ops token_obj_list_ops;
-int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res);
+int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res,
+ unsigned ressize);
int complete_get_nb_obj_list(cmdline_parse_token_hdr_t *tk);
int complete_get_elt_obj_list(cmdline_parse_token_hdr_t *tk, int idx,
char *dstbuf, unsigned int size);
@@ -77,7 +77,7 @@ struct grant_node_item {
} __attribute__((packed));
int cmdline_parse_etheraddr(void *tk, const char *srcbuf,
- void *res);
+ void *res, unsigned ressize);
/* Map grant ref refid at addr_ori*/
static void *
@@ -676,7 +676,8 @@ xen_parse_etheraddr(struct xen_vring *vring)
if ((buf = xen_read_node(path, &len)) == NULL)
goto out;
- if (cmdline_parse_etheraddr(NULL, buf, &vring->addr) < 0)
+ if (cmdline_parse_etheraddr(NULL, buf, &vring->addr,
+ sizeof(vring->addr)) < 0)
goto out;
ret = 0;
out:
@@ -138,7 +138,7 @@ nb_common_chars(const char * s1, const char * s2)
*/
static int
match_inst(cmdline_parse_inst_t *inst, const char *buf,
- unsigned int nb_match_token, void * result_buf)
+ unsigned int nb_match_token, void *resbuf, unsigned resbuf_size)
{
unsigned int token_num=0;
cmdline_parse_token_hdr_t * token_p;
@@ -162,12 +162,23 @@ match_inst(cmdline_parse_inst_t *inst, const char *buf,
if ( isendofline(*buf) || iscomment(*buf) )
break;
- if (result_buf)
- n = token_hdr.ops->parse(token_p, buf,
- (char *)result_buf +
- token_hdr.offset);
- else
- n = token_hdr.ops->parse(token_p, buf, NULL);
+ if (resbuf == NULL) {
+ n = token_hdr.ops->parse(token_p, buf, NULL, 0);
+ } else {
+ unsigned rb_sz;
+
+ if (token_hdr.offset > resbuf_size) {
+ printf("Parse error(%s:%d): Token offset(%u) "
+ "exceeds maximum size(%u)\n",
+ __FILE__, __LINE__,
+ token_hdr.offset, resbuf_size);
+ return -ENOBUFS;
+ }
+ rb_sz = resbuf_size - token_hdr.offset;
+
+ n = token_hdr.ops->parse(token_p, buf, (char *)resbuf +
+ token_hdr.offset, rb_sz);
+ }
if (n < 0)
break;
@@ -219,7 +230,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
unsigned int inst_num=0;
cmdline_parse_inst_t *inst;
const char *curbuf;
- char result_buf[BUFSIZ];
+ char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];
void (*f)(void *, struct cmdline *, void *) = NULL;
void *data = NULL;
int comment = 0;
@@ -280,7 +291,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
debug_printf("INST %d\n", inst_num);
/* fully parsed */
- tok = match_inst(inst, buf, 0, result_buf);
+ tok = match_inst(inst, buf, 0, result_buf, sizeof(result_buf));
if (tok > 0) /* we matched at least one token */
err = CMDLINE_PARSE_BAD_ARGS;
@@ -377,10 +388,10 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,
inst = ctx[inst_num];
while (inst) {
/* parse the first tokens of the inst */
- if (nb_token && match_inst(inst, buf, nb_token, NULL))
+ if (nb_token && match_inst(inst, buf, nb_token, NULL, 0))
goto next;
- debug_printf("instruction match \n");
+ debug_printf("instruction match\n");
token_p = inst->tokens[nb_token];
if (token_p)
memcpy(&token_hdr, token_p, sizeof(token_hdr));
@@ -471,7 +482,7 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,
/* we need to redo it */
inst = ctx[inst_num];
- if (nb_token && match_inst(inst, buf, nb_token, NULL))
+ if (nb_token && match_inst(inst, buf, nb_token, NULL, 0))
goto next2;
token_p = inst->tokens[nb_token];
@@ -80,6 +80,9 @@ extern "C" {
#define CMDLINE_PARSE_COMPLETE_AGAIN 1
#define CMDLINE_PARSE_COMPLETED_BUFFER 2
+/* maximum buffer size for parsed result */
+#define CMDLINE_PARSE_RESULT_BUFSIZE 8192
+
/**
* Stores a pointer to the ops struct, and the offset: the place to
* write the parsed result in the destination structure.
@@ -110,12 +113,14 @@ typedef struct cmdline_token_hdr cmdline_parse_token_hdr_t;
* -1 on error and 0 on success.
*/
struct cmdline_token_ops {
- /** parse(token ptr, buf, res pts) */
- int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *);
+ /** parse(token ptr, buf, res pts, buf len) */
+ int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *,
+ unsigned int);
/** return the num of possible choices for this token */
int (*complete_get_nb)(cmdline_parse_token_hdr_t *);
/** return the elt x for this token (token, idx, dstbuf, size) */
- int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *, unsigned int);
+ int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *,
+ unsigned int);
/** get help for this token (token, dstbuf, size) */
int (*get_help)(cmdline_parse_token_hdr_t *, char *, unsigned int);
};
@@ -137,12 +137,15 @@ my_ether_aton(const char *a)
int
cmdline_parse_etheraddr(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
- const char *buf, void *res)
+ const char *buf, void *res, unsigned ressize)
{
unsigned int token_len = 0;
char ether_str[ETHER_ADDRSTRLENLONG+1];
struct ether_addr *tmp;
+ if (res && ressize < sizeof(struct ether_addr))
+ return -1;
+
if (!buf || ! *buf)
return -1;
@@ -73,9 +73,9 @@ typedef struct cmdline_token_etheraddr cmdline_parse_token_etheraddr_t;
extern struct cmdline_token_ops cmdline_token_etheraddr_ops;
int cmdline_parse_etheraddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
- void *res);
+ void *res, unsigned ressize);
int cmdline_get_help_etheraddr(cmdline_parse_token_hdr_t *tk, char *dstbuf,
- unsigned int size);
+ unsigned int size);
#define TOKEN_ETHERADDR_INITIALIZER(structure, field) \
{ \
@@ -306,7 +306,8 @@ inet_pton6(const char *src, unsigned char *dst)
}
int
-cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+ unsigned ressize)
{
struct cmdline_token_ipaddr *tk2;
unsigned int token_len = 0;
@@ -315,6 +316,9 @@ cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
char *prefix, *prefix_end;
long prefixlen = 0;
+ if (res && ressize < sizeof(cmdline_ipaddr_t))
+ return -1;
+
if (!buf || !tk || ! *buf)
return -1;
@@ -92,9 +92,9 @@ typedef struct cmdline_token_ipaddr cmdline_parse_token_ipaddr_t;
extern struct cmdline_token_ops cmdline_token_ipaddr_ops;
int cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
- void *res);
+ void *res, unsigned ressize);
int cmdline_get_help_ipaddr(cmdline_parse_token_hdr_t *tk, char *dstbuf,
- unsigned int size);
+ unsigned int size);
#define TOKEN_IPADDR_INITIALIZER(structure, field) \
{ \
@@ -119,10 +119,40 @@ add_to_res(unsigned int c, uint64_t *res, unsigned int base)
return 0;
}
+static int
+check_res_size(struct cmdline_token_num_data *nd, unsigned ressize)
+{
+ switch (nd->type) {
+ case INT8:
+ case UINT8:
+ if (ressize < sizeof(int8_t))
+ return -1;
+ break;
+ case INT16:
+ case UINT16:
+ if (ressize < sizeof(int16_t))
+ return -1;
+ break;
+ case INT32:
+ case UINT32:
+ if (ressize < sizeof(int32_t))
+ return -1;
+ break;
+ case INT64:
+ case UINT64:
+ if (ressize < sizeof(int64_t))
+ return -1;
+ break;
+ default:
+ return -1;
+ }
+ return 0;
+}
/* parse an int */
int
-cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res)
+cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res,
+ unsigned ressize)
{
struct cmdline_token_num_data nd;
enum num_parse_state_t st = START;
@@ -141,6 +171,12 @@ cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res)
memcpy(&nd, &((struct cmdline_token_num *)tk)->num_data, sizeof(nd));
+ /* check that we have enough room in res */
+ if (res) {
+ if (check_res_size(&nd, ressize) < 0)
+ return -1;
+ }
+
while ( st != ERROR && c && ! cmdline_isendoftoken(c) ) {
debug_printf("%c %x -> ", c, c);
switch (st) {
@@ -89,9 +89,9 @@ typedef struct cmdline_token_num cmdline_parse_token_num_t;
extern struct cmdline_token_ops cmdline_token_num_ops;
int cmdline_parse_num(cmdline_parse_token_hdr_t *tk,
- const char *srcbuf, void *res);
+ const char *srcbuf, void *res, unsigned ressize);
int cmdline_get_help_num(cmdline_parse_token_hdr_t *tk,
- char *dstbuf, unsigned int size);
+ char *dstbuf, unsigned int size);
#define TOKEN_NUM_INITIALIZER(structure, field, numtype) \
{ \
@@ -127,7 +127,7 @@ parse_ports(cmdline_portlist_t * pl, const char * str)
int
cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
- const char *buf, void *res)
+ const char *buf, void *res, unsigned ressize)
{
unsigned int token_len = 0;
char portlist_str[PORTLIST_TOKEN_SIZE+1];
@@ -136,6 +136,9 @@ cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
if (!buf || ! *buf)
return (-1);
+ if (res && ressize < PORTLIST_TOKEN_SIZE)
+ return -1;
+
pl = res;
while (!cmdline_isendoftoken(buf[token_len]) &&
@@ -81,9 +81,9 @@ typedef struct cmdline_token_portlist cmdline_parse_token_portlist_t;
extern struct cmdline_token_ops cmdline_token_portlist_ops;
int cmdline_parse_portlist(cmdline_parse_token_hdr_t *tk,
- const char *srcbuf, void *res);
+ const char *srcbuf, void *res, unsigned ressize);
int cmdline_get_help_portlist(cmdline_parse_token_hdr_t *tk,
- char *dstbuf, unsigned int size);
+ char *dstbuf, unsigned int size);
#define TOKEN_PORTLIST_INITIALIZER(structure, field) \
{ \
@@ -105,13 +105,17 @@ get_next_token(const char *s)
}
int
-cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+ unsigned ressize)
{
struct cmdline_token_string *tk2;
struct cmdline_token_string_data *sd;
unsigned int token_len;
const char *str;
+ if (res && ressize < STR_TOKEN_SIZE)
+ return -1;
+
if (!tk || !buf || ! *buf)
return -1;
@@ -83,7 +83,7 @@ typedef struct cmdline_token_string cmdline_parse_token_string_t;
extern struct cmdline_token_ops cmdline_token_string_ops;
int cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
- void *res);
+ void *res, unsigned ressize);
int cmdline_complete_get_nb_string(cmdline_parse_token_hdr_t *tk);
int cmdline_complete_get_elt_string(cmdline_parse_token_hdr_t *tk, int idx,
char *dstbuf, unsigned int size);
@@ -254,7 +254,8 @@ bond_ethdev_parse_bond_mac_addr_kvarg(const char *key __rte_unused,
return -1;
/* Parse MAC */
- return cmdline_parse_etheraddr(NULL, value, extra_args);
+ return cmdline_parse_etheraddr(NULL, value, extra_args,
+ sizeof(struct ether_addr));
}
int