Message ID | 20210727081459.1145664-1-dapengx.yu@intel.com (mailing list archive) |
---|---|
State | Accepted, archived |
Delegated to: | Ferruh Yigit |
Headers | show |
Series | net/softnic: fix null pointer dereference | expand |
Context | Check | Description |
---|---|---|
ci/iol-intel-Functional | success | Functional Testing PASS |
ci/iol-intel-Performance | success | Performance Testing PASS |
ci/iol-mellanox-Performance | success | Performance Testing PASS |
ci/iol-testing | success | Testing PASS |
ci/iol-abi-testing | success | Testing PASS |
ci/intel-Testing | success | Testing PASS |
ci/Intel-compilation | success | Compilation OK |
ci/github-robot | success | github build: passed |
ci/checkpatch | success | coding style OK |
> -----Original Message----- > From: Yu, DapengX <dapengx.yu@intel.com> > Sent: Tuesday, July 27, 2021 9:15 AM > To: Singh, Jasvinder <jasvinder.singh@intel.com>; Dumitrescu, Cristian > <cristian.dumitrescu@intel.com> > Cc: dev@dpdk.org; Yu, DapengX <dapengx.yu@intel.com>; stable@dpdk.org > Subject: [PATCH] net/softnic: fix null pointer dereference > > From: Dapeng Yu <dapengx.yu@intel.com> > > When there is no "firmware" in arguments, the "firmware" pointer is null, > and will be dereferenced by rte_strscpy(). > > This patch moves the code block which copies character string from > "firmware" to "p->firmware" into the "if" statements where "firmware" > argument exists and it is duplicated successfully. > > Coverity issue: 372136 > Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing") > Cc: stable@dpdk.org > > Signed-off-by: Dapeng Yu <dapengx.yu@intel.com> > --- Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>
> > From: Dapeng Yu <dapengx.yu@intel.com> > > > > When there is no "firmware" in arguments, the "firmware" pointer is null, > > and will be dereferenced by rte_strscpy(). > > > > This patch moves the code block which copies character string from > > "firmware" to "p->firmware" into the "if" statements where "firmware" > > argument exists and it is duplicated successfully. > > > > Coverity issue: 372136 > > Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing") > > Cc: stable@dpdk.org > > > > Signed-off-by: Dapeng Yu <dapengx.yu@intel.com> > > Acked-by: Jasvinder Singh <jasvinder.singh@intel.com> Applied, thanks.
diff --git a/drivers/net/softnic/rte_eth_softnic.c b/drivers/net/softnic/rte_eth_softnic.c index 0aa7147b13..b3b55b9035 100644 --- a/drivers/net/softnic/rte_eth_softnic.c +++ b/drivers/net/softnic/rte_eth_softnic.c @@ -479,17 +479,19 @@ pmd_parse_args(struct pmd_params *p, const char *params) &get_string, &firmware); if (ret < 0) goto out_free; - } - if (rte_strscpy(p->firmware, firmware, - sizeof(p->firmware)) < 0) { - PMD_LOG(WARNING, - "\"%s\": firmware path should be shorter than %zu", - firmware, sizeof(p->firmware)); + + if (rte_strscpy(p->firmware, firmware, + sizeof(p->firmware)) < 0) { + PMD_LOG(WARNING, + "\"%s\": " + "firmware path should be shorter than %zu", + firmware, sizeof(p->firmware)); + free(firmware); + ret = -EINVAL; + goto out_free; + } free(firmware); - ret = -EINVAL; - goto out_free; } - free(firmware); /* Connection listening port (optional) */ if (rte_kvargs_count(kvlist, PMD_PARAM_CONN_PORT) == 1) { ret = rte_kvargs_process(kvlist, PMD_PARAM_CONN_PORT,