diff mbox series

net/softnic: fix null pointer dereference

Message ID 20210727081459.1145664-1-dapengx.yu@intel.com (mailing list archive)
State Accepted, archived
Delegated to: Ferruh Yigit
Headers show
Series net/softnic: fix null pointer dereference | expand

Checks

Context Check Description
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-testing success Testing PASS
ci/iol-abi-testing success Testing PASS
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/github-robot success github build: passed
ci/checkpatch success coding style OK

Commit Message

Yu, DapengX July 27, 2021, 8:14 a.m. UTC
From: Dapeng Yu <dapengx.yu@intel.com>

When there is no "firmware" in arguments, the "firmware" pointer is
null, and will be dereferenced by rte_strscpy().

This patch moves the code block which copies character string from
"firmware" to "p->firmware" into the "if" statements where "firmware"
argument exists and it is duplicated successfully.

Coverity issue: 372136
Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
Cc: stable@dpdk.org

Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
---
 drivers/net/softnic/rte_eth_softnic.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

Comments

Jasvinder Singh July 27, 2021, 9:16 a.m. UTC | #1
> -----Original Message-----
> From: Yu, DapengX <dapengx.yu@intel.com>
> Sent: Tuesday, July 27, 2021 9:15 AM
> To: Singh, Jasvinder <jasvinder.singh@intel.com>; Dumitrescu, Cristian
> <cristian.dumitrescu@intel.com>
> Cc: dev@dpdk.org; Yu, DapengX <dapengx.yu@intel.com>; stable@dpdk.org
> Subject: [PATCH] net/softnic: fix null pointer dereference
> 
> From: Dapeng Yu <dapengx.yu@intel.com>
> 
> When there is no "firmware" in arguments, the "firmware" pointer is null,
> and will be dereferenced by rte_strscpy().
> 
> This patch moves the code block which copies character string from
> "firmware" to "p->firmware" into the "if" statements where "firmware"
> argument exists and it is duplicated successfully.
> 
> Coverity issue: 372136
> Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
> ---

Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>
Thomas Monjalon July 30, 2021, 11:33 a.m. UTC | #2
> > From: Dapeng Yu <dapengx.yu@intel.com>
> > 
> > When there is no "firmware" in arguments, the "firmware" pointer is null,
> > and will be dereferenced by rte_strscpy().
> > 
> > This patch moves the code block which copies character string from
> > "firmware" to "p->firmware" into the "if" statements where "firmware"
> > argument exists and it is duplicated successfully.
> > 
> > Coverity issue: 372136
> > Fixes: d8f852f5f369 ("net/softnic: fix memory leak in arguments parsing")
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Dapeng Yu <dapengx.yu@intel.com>
> 
> Acked-by: Jasvinder Singh <jasvinder.singh@intel.com>

Applied, thanks.
diff mbox series

Patch

diff --git a/drivers/net/softnic/rte_eth_softnic.c b/drivers/net/softnic/rte_eth_softnic.c
index 0aa7147b13..b3b55b9035 100644
--- a/drivers/net/softnic/rte_eth_softnic.c
+++ b/drivers/net/softnic/rte_eth_softnic.c
@@ -479,17 +479,19 @@  pmd_parse_args(struct pmd_params *p, const char *params)
 			&get_string, &firmware);
 		if (ret < 0)
 			goto out_free;
-	}
-	if (rte_strscpy(p->firmware, firmware,
-			sizeof(p->firmware)) < 0) {
-		PMD_LOG(WARNING,
-			"\"%s\": firmware path should be shorter than %zu",
-			firmware, sizeof(p->firmware));
+
+		if (rte_strscpy(p->firmware, firmware,
+				sizeof(p->firmware)) < 0) {
+			PMD_LOG(WARNING,
+				"\"%s\": "
+				"firmware path should be shorter than %zu",
+				firmware, sizeof(p->firmware));
+			free(firmware);
+			ret = -EINVAL;
+			goto out_free;
+		}
 		free(firmware);
-		ret = -EINVAL;
-		goto out_free;
 	}
-	free(firmware);
 	/* Connection listening port (optional) */
 	if (rte_kvargs_count(kvlist, PMD_PARAM_CONN_PORT) == 1) {
 		ret = rte_kvargs_process(kvlist, PMD_PARAM_CONN_PORT,