From patchwork Tue Dec 21 07:37:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yunjian Wang X-Patchwork-Id: 105297 X-Patchwork-Delegate: rasland@nvidia.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2BAFDA0350; Tue, 21 Dec 2021 08:37:54 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A3D1640040; Tue, 21 Dec 2021 08:37:53 +0100 (CET) Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by mails.dpdk.org (Postfix) with ESMTP id 6977D4003C; Tue, 21 Dec 2021 08:37:52 +0100 (CET) Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.56]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4JJ7Zv0h9lzbjbr; Tue, 21 Dec 2021 15:37:27 +0800 (CST) Received: from dggpemm500008.china.huawei.com (7.185.36.136) by dggpemm500024.china.huawei.com (7.185.36.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Tue, 21 Dec 2021 15:37:49 +0800 Received: from localhost (10.174.242.157) by dggpemm500008.china.huawei.com (7.185.36.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Tue, 21 Dec 2021 15:37:48 +0800 From: Yunjian Wang To: CC: , , , , Yunjian Wang , Subject: [dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow Date: Tue, 21 Dec 2021 15:37:44 +0800 Message-ID: <782531af297f80054ea965893bf2ed4a71af472c.1640071468.git.wangyunjian@huawei.com> X-Mailer: git-send-email 1.9.5.msysgit.1 MIME-Version: 1.0 X-Originating-IP: [10.174.242.157] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggpemm500008.china.huawei.com (7.185.36.136) X-CFilter-Loop: Reflected X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org The mlx5_sysfs_switch_info function get 'phys_port_name' buffer, using 'IF_NAMESIZE' for that case will be wrong and it can cause buffer overflow. Detected with address sanitizer: 0 (/usr/lib64/libasan.so.4+0x60b57) 1 vfscanf (/usr/lib64/libasan.so.4+0x6170f) 2 __interceptor_fscanf (/usr/lib64/libasan.so.4+0x61823) 3 mlx5_sysfs_switch_info ../drivers/net/mlx5/linux/mlx5_ethdev_os.c:1098 4 mlx5_os_pci_probe_pf ../drivers/net/mlx5/linux/mlx5_os.c:2417 5 mlx5_os_pci_probe ../drivers/net/mlx5/linux/mlx5_os.c:2647 6 mlx5_os_net_probe ../drivers/net/mlx5/linux/mlx5_os.c:2722 7 drivers_probe ../drivers/common/mlx5/mlx5_common.c:657 8 mlx5_common_dev_probe ../drivers/common/mlx5/mlx5_common.c:711 9 rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:269 10 pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:353 11 pci_probe ../drivers/bus/pci/pci_common.c:380 12 rte_bus_probe ../lib/eal/common/eal_common_bus.c:72 13 rte_eal_init ../lib/eal/linux/eal.c:1286 14 main ../app/test-pmd/testpmd.c:4112 15 __libc_start_main (/usr/lib64/libc.so.6+0x23f7f) 16 _start (dpdk/arm64-armv8a-linuxapp-gcc/app/dpdk-testpmd+0x4c88a3) Fixes: 63d1db710fbc ("net/mlx5: fix unlimited parsing of switch info") Cc: stable@dpdk.org Signed-off-by: Yunjian Wang --- drivers/net/mlx5/linux/mlx5_ethdev_os.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/mlx5/linux/mlx5_ethdev_os.c b/drivers/net/mlx5/linux/mlx5_ethdev_os.c index c19825ee52..1d97110864 100644 --- a/drivers/net/mlx5/linux/mlx5_ethdev_os.c +++ b/drivers/net/mlx5/linux/mlx5_ethdev_os.c @@ -1066,7 +1066,7 @@ int mlx5_sysfs_switch_info(unsigned int ifindex, struct mlx5_switch_info *info) { char ifname[IF_NAMESIZE]; - char port_name[IF_NAMESIZE]; + char port_name[IF_NAMESIZE + 1]; FILE *file; struct mlx5_switch_info data = { .master = 0,