diff mbox series

[v2,1/1] event/octeontx: resolve possible integer overflow

Message ID	20241023071546.865609-1-hpothula@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	Jerin Jacob
Headers	From: Hanumanth Pothula <hpothula@marvell.com> To: Jerin Jacob <jerinj@marvell.com> CC: <dev@dpdk.org>, <hkalra@marvell.com>, <stephen@networkplumber.org>, <hpothula@marvell.com> Subject: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow Date: Wed, 23 Oct 2024 12:45:46 +0530 Message-ID: <20241023071546.865609-1-hpothula@marvell.com> In-Reply-To: <20241018075903.53757-1-hpothula@marvell.com> References: <20241018075903.53757-1-hpothula@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[v2,1/1] event/octeontx: resolve possible integer overflow \| [v2,1/1] event/octeontx: resolve possible integer overflow

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS
ci/loongarch-compilation	success	Compilation OK
ci/github-robot: build	success	github build: passed
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/intel-Functional	success	Functional PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-marvell-Functional	success	Functional Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-unit-arm64-testing	pending	Testing pending
ci/iol-unit-amd64-testing	pending	Testing pending
ci/iol-compile-arm64-testing	pending	Testing pending
ci/iol-compile-amd64-testing	success	Testing PASS
ci/iol-sample-apps-testing	success	Testing PASS

Commit Message

Hanumanth Pothula Oct. 23, 2024, 7:15 a.m. UTC

The last argument passed to ssovf_parsekv() is an
unsigned char*, but it is accessed as an integer.
This can lead to an integer overflow.

Hence, make ensure the argument is accessed as a char
and for better error handling use strtol instead of atoi.

Signed-off-by: Hanumanth Pothula <hpothula@marvell.com>
---

v2: use strtoul instead of strtol
---
 drivers/event/octeontx/ssovf_evdev.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

Comments

Stephen Hemminger Oct. 23, 2024, 4:16 p.m. UTC | #1

Unaddressed

On Wed, 23 Oct 2024 12:45:46 +0530
Hanumanth Pothula <hpothula@marvell.com> wrote:

>  static int
> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
> +ssovf_parsekv(const char *key, const char *value, void *opaque)
>  {
> -	int *flag = opaque;
> -	*flag = !!atoi(value);
> +	uint8_t *flag = opaque;
> +	uint64_t v;
> +	char *end;
> +
> +	errno = 0;
> +	v = (uint8_t)strtoul(value, &end, 0);

Cast will cause truncation of large values.

Maybe:
	v = strtoul(value, &end, 0);
	if (errno != 0 || value == end || *end != '\0' || v > UINT8_MAX) {
...


> +	if ((errno != 0) || (value == end) || *end != '\0') {
> +		ssovf_log_err("invalid %s value %s", key, value);
> +		return -EINVAL;
> +	}
> +
> +	*flag = !!v;
>  	return 0;
>  }

Hanumanth Pothula Oct. 23, 2024, 8:29 p.m. UTC | #2

From: Stephen Hemminger <stephen@networkplumber.org>
Sent: Wednesday, October 23, 2024 9:46 PM
To: Hanumanth Reddy Pothula <hpothula@marvell.com>
Cc: Jerin Jacob <jerinj@marvell.com>; dev@dpdk.org; Harman Kalra <hkalra@marvell.com>
Subject: [EXTERNAL] Re: [PATCH v2 1/1] event/octeontx: resolve possible integer overflow

On Wed, 23 Oct 2024 12: 45: 46 +0530 Hanumanth Pothula <hpothula@ marvell. com> wrote: > static int > -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque) > +ssovf_parsekv(const char *key, const char *value,


On Wed, 23 Oct 2024 12:45:46 +0530

Hanumanth Pothula <hpothula@marvell.com<mailto:hpothula@marvell.com>> wrote:



>  static int

> -ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)

> +ssovf_parsekv(const char *key, const char *value, void *opaque)

>  {

> -         int *flag = opaque;

> -         *flag = !!atoi(value);

> +        uint8_t *flag = opaque;

> +        uint64_t v;

> +        char *end;

> +

> +        errno = 0;

> +        v = (uint8_t)strtoul(value, &end, 0);



Cast will cause truncation of large values.



Maybe:

              v = strtoul(value, &end, 0);

              if (errno != 0 || value == end || *end != '\0' || v > UINT8_MAX) {

...



Thanks for the review/comment.
Here, the value can only be ‘0’ or ‘1’, so truncation won’t be an issue.





> +        if ((errno != 0) || (value == end) || *end != '\0') {

> +                       ssovf_log_err("invalid %s value %s", key, value);

> +                       return -EINVAL;

> +        }

> +

> +        *flag = !!v;

>           return 0;

>  }

diff mbox series

Patch

diff --git a/drivers/event/octeontx/ssovf_evdev.c b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..d2ab8011e1 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@  ssovf_close(struct rte_eventdev *dev)
 }
 
 static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
 {
-	int *flag = opaque;
-	*flag = !!atoi(value);
+	uint8_t *flag = opaque;
+	uint64_t v;
+	char *end;
+
+	errno = 0;
+	v = (uint8_t)strtoul(value, &end, 0);
+	if ((errno != 0) || (value == end) || *end != '\0') {
+		ssovf_log_err("invalid %s value %s", key, value);
+		return -EINVAL;
+	}
+
+	*flag = !!v;
 	return 0;
 }