net/softnic: fix null pointer dereference
Checks
Commit Message
From: Dapeng Yu <dapengx.yu@intel.com>
When there is no "firmware" in arguments, the "firmware" pointer is
null, and will be dereferenced by rte_strscpy().
This patch moves the code block which copies character string from
"firmware" to "p->firmware" into the "if" statements where "firmware"
argument exists and it is duplicated successfully.
Coverity issue: 372136
Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
Cc: stable@dpdk.org
Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
---
drivers/net/softnic/rte_eth_softnic.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
Comments
> -----Original Message-----
> From: Yu, DapengX <dapengx.yu@intel.com>
> Sent: Tuesday, July 27, 2021 9:15 AM
> To: Singh, Jasvinder <jasvinder.singh@intel.com>; Dumitrescu, Cristian
> <cristian.dumitrescu@intel.com>
> Cc: dev@dpdk.org; Yu, DapengX <dapengx.yu@intel.com>; stable@dpdk.org
> Subject: [PATCH] net/softnic: fix null pointer dereference
>
> From: Dapeng Yu <dapengx.yu@intel.com>
>
> When there is no "firmware" in arguments, the "firmware" pointer is null,
> and will be dereferenced by rte_strscpy().
>
> This patch moves the code block which copies character string from
> "firmware" to "p->firmware" into the "if" statements where "firmware"
> argument exists and it is duplicated successfully.
>
> Coverity issue: 372136
> Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
> Cc: stable@dpdk.org
>
> Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
> ---
Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>
> > From: Dapeng Yu <dapengx.yu@intel.com>
> >
> > When there is no "firmware" in arguments, the "firmware" pointer is null,
> > and will be dereferenced by rte_strscpy().
> >
> > This patch moves the code block which copies character string from
> > "firmware" to "p->firmware" into the "if" statements where "firmware"
> > argument exists and it is duplicated successfully.
> >
> > Coverity issue: 372136
> > Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
>
> Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>
Applied, thanks.
@@ -479,17 +479,19 @@ pmd_parse_args(struct pmd_params *p, const char *params)
&get_string, &firmware);
if (ret < 0)
goto out_free;
- }
- if (rte_strscpy(p->firmware, firmware,
- sizeof(p->firmware)) < 0) {
- PMD_LOG(WARNING,
- "\"%s\": firmware path should be shorter than %zu",
- firmware, sizeof(p->firmware));
+
+ if (rte_strscpy(p->firmware, firmware,
+ sizeof(p->firmware)) < 0) {
+ PMD_LOG(WARNING,
+ "\"%s\": "
+ "firmware path should be shorter than %zu",
+ firmware, sizeof(p->firmware));
+ free(firmware);
+ ret = -EINVAL;
+ goto out_free;
+ }
free(firmware);
- ret = -EINVAL;
- goto out_free;
}
- free(firmware);
/* Connection listening port (optional) */
if (rte_kvargs_count(kvlist, PMD_PARAM_CONN_PORT) == 1) {
ret = rte_kvargs_process(kvlist, PMD_PARAM_CONN_PORT,