common/cnxk: validate length argument
Checks
Commit Message
The x->len is passed as argument to npc_prep_mcam_ldata(). In the
function the len is used to reference elements of int_info and
int_info_mask array. The arrays are of length NPC_MAX_EXTRACT_DATA_LEN.
Validating the x->len value so that it is not greater than
NPC_MAX_EXTRACT_DATA_LEN.
This patch also resolves warning observed with gcc 12 compiler.
log:
../drivers/common/cnxk/roc_npc_utils.c:13:26: warning: writing 16 bytes
into a region of size 0 [-Wstringop-overflow=]
ptr[idx] = data[len - 1 - idx];
../drivers/common/cnxk/roc_npc_utils.c:163:17: note: at offset 64 into
destination object ‘int_info’ of size 64
uint8_t int_info[NPC_MAX_EXTRACT_DATA_LEN];
Bugzilla ID: 854
Fixes: 665b6a7400bf ("common/cnxk: add NPC helper API")
Cc: stable@dpdk.org
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Kiran Kumar Kokkilagadda <kirankumark@marvell.com>
---
drivers/common/cnxk/roc_npc_utils.c | 3 +++
1 file changed, 3 insertions(+)
Comments
On Mon, Feb 7, 2022 at 11:43 AM Ankur Dwivedi <adwivedi@marvell.com> wrote:
>
> The x->len is passed as argument to npc_prep_mcam_ldata(). In the
> function the len is used to reference elements of int_info and
> int_info_mask array. The arrays are of length NPC_MAX_EXTRACT_DATA_LEN.
>
> Validating the x->len value so that it is not greater than
> NPC_MAX_EXTRACT_DATA_LEN.
>
> This patch also resolves warning observed with gcc 12 compiler.
>
> log:
> ../drivers/common/cnxk/roc_npc_utils.c:13:26: warning: writing 16 bytes
> into a region of size 0 [-Wstringop-overflow=]
> ptr[idx] = data[len - 1 - idx];
>
> ../drivers/common/cnxk/roc_npc_utils.c:163:17: note: at offset 64 into
> destination object ‘int_info’ of size 64
> uint8_t int_info[NPC_MAX_EXTRACT_DATA_LEN];
>
> Bugzilla ID: 854
> Fixes: 665b6a7400bf ("common/cnxk: add NPC helper API")
> Cc: stable@dpdk.org
>
> Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> Reviewed-by: Kiran Kumar Kokkilagadda <kirankumark@marvell.com>
Changed the subject as
common/cnxk: fix NPC key extraction validation
Applied to dpdk-next-net-mrvl/for-next-net. Thanks
> ---
> drivers/common/cnxk/roc_npc_utils.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/common/cnxk/roc_npc_utils.c b/drivers/common/cnxk/roc_npc_utils.c
> index ed0ef5c462..007c454c3c 100644
> --- a/drivers/common/cnxk/roc_npc_utils.c
> +++ b/drivers/common/cnxk/roc_npc_utils.c
> @@ -166,6 +166,9 @@ npc_update_extraction_data(struct npc_parse_state *pst,
> int len = 0;
>
> x = xinfo;
> + if (x->len > NPC_MAX_EXTRACT_DATA_LEN)
> + return NPC_ERR_INVALID_SIZE;
> +
> len = x->len;
> hdr_off = x->hdr_off;
>
> --
> 2.28.0
>
@@ -166,6 +166,9 @@ npc_update_extraction_data(struct npc_parse_state *pst,
int len = 0;
x = xinfo;
+ if (x->len > NPC_MAX_EXTRACT_DATA_LEN)
+ return NPC_ERR_INVALID_SIZE;
+
len = x->len;
hdr_off = x->hdr_off;