[RFC,3/3] app/testpmd: fix hex string parser in flow commands
Checks
Commit Message
The hexadecimal string parser does not check the target
field buffer size, buffer overflow happens and might
cause the application failure (segmentation fault
is observed usually).
Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API")
Cc: stable@dpdk.org
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
---
app/test-pmd/cmdline_flow.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
@@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token *token,
hexlen -= 2;
}
if (hexlen > length)
- return -1;
+ goto error;
ret = parse_hex_string(str, hex_tmp, &hexlen);
if (ret < 0)
goto error;
+ /* Check the converted binary fits into data buffer. */
+ if (hexlen > size)
+ goto error;
/* Let parse_int() fill length information first. */
ret = snprintf(tmp, sizeof(tmp), "%u", hexlen);
if (ret < 0)