[dpdk-stable] patch 'cfgfile: fix stack buffer underflow' has been queued to LTS release 18.11.10

Kevin Traynor ktraynor at redhat.com
Thu Aug 20 17:33:10 CEST 2020


Hi,

FYI, your patch has been queued to LTS release 18.11.10

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/25/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/f567b9af5186940a95fd9ed8cd19ca6525708229

Thanks.

Kevin.

---
From f567b9af5186940a95fd9ed8cd19ca6525708229 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Wed, 1 Jul 2020 20:05:58 -0700
Subject: [PATCH] cfgfile: fix stack buffer underflow

[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]

If cfgfile is given a line with the comment character at the start
of the line, it will dereference outside of the buffer.

Detected with address sanitizer:

SUMMARY: AddressSanitizer: stack-buffer-underflow
lib/librte_cfgfile/rte_cfgfile.c:194 in rte_cfgfile_load_with_params
Shadow bytes around the buggy address:
  0x200fff79f6a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x200fff79f6f0: 00 00 00 00 f1 f1 f1[f1]00 00 00 00 00 00 00 00
  0x200fff79f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200fff79f720: 04 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x200fff79f730: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
  0x200fff79f740: f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2189==ABORTING

Fixes: a6a47ac9c2c9 ("cfgfile: rework load function")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Reviewed-by: Bruce Richardson <bruce.richardson at intel.com>
---
 lib/librte_cfgfile/rte_cfgfile.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 6142696341..3b0ce68b19 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -186,5 +186,6 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
 		/* skip parsing if comment character found */
 		pos = memchr(buffer, params->comment_character, len);
-		if (pos != NULL && (*(pos-1) != '\\')) {
+		if (pos != NULL &&
+		    (pos == buffer || *(pos-1) != '\\')) {
 			*pos = '\0';
 			len = pos -  buffer;
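Review bot: the added `pos == buffer ||` guard, placed before `*(pos-1)`, is the right ordering, since the short-circuit is what keeps `pos-1` from ever being evaluated when the comment character is the first byte of the line; one point worth recording in the commit message is that the escape handling still inspects only the first match returned by `memchr`, so a line whose first comment character is backslash-escaped and whose second one is not keeps the later comment as data (the `if` fails and nothing is truncated). That is pre-existing behaviour, not introduced by this hunk, and does not block the stable backport, but a follow-up could re-run `memchr` from `pos + 1` when the match turns out to be escaped.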
-- 
2.26.2
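The behaviour the commit message describes, reduced to a runnable comparison of the pre-patch and post-patch checks. This is an added example and not DPDK's code; the functions `strip_comment_prepatch`, `strip_comment_fixed` and `run_case` are my own names, the sentinel-byte harness is my construction, and `'#'` is used as the comment character only because the example has to pick one (the library takes it from `params->comment_character`).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not DPDK code: the comment-stripping step of
 * rte_cfgfile_load_with_params() reduced to one function, in its
 * pre-patch and post-patch forms. Each returns the line length after
 * cutting off an unescaped comment. The comment character is passed in;
 * the real library reads it from params->comment_character.
 */

/* Pre-patch logic: evaluates *(pos-1) even when pos == buffer. */
static size_t strip_comment_prepatch(char *buffer, size_t len, char comment)
{
	char *pos = memchr(buffer, comment, len);

	/* BUG: when the comment char is at offset 0 this reads buffer[-1]. */
	if (pos != NULL && (*(pos - 1) != '\\')) {
		*pos = '\0';
		len = pos - buffer;
	}
	return len;
}

/* Post-patch logic: the pos == buffer test short-circuits before pos-1. */
static size_t strip_comment_fixed(char *buffer, size_t len, char comment)
{
	char *pos = memchr(buffer, comment, len);

	if (pos != NULL && (pos == buffer || *(pos - 1) != '\\')) {
		*pos = '\0';
		len = pos - buffer;
	}
	return len;
}

/*
 * Harness (my construction): copy the line to offset 1 of a larger array
 * and put a caller-chosen sentinel at offset 0. The pre-patch read of
 * buffer[-1] then lands on the sentinel instead of on whatever happened
 * to be on the stack, which makes the wrong outcome reproducible.
 * Returns the stripped length and writes the stripped text to out.
 */
static size_t run_case(const char *line, char sentinel, int use_fix,
		       char *out, size_t outsz)
{
	char storage[258];
	size_t len = strlen(line);
	char *buffer = storage + 1;
	size_t n;

	if (len + 2 > sizeof(storage) || len + 1 > outsz)
		return (size_t)-1;

	storage[0] = sentinel;
	memcpy(buffer, line, len + 1);
	n = use_fix ? strip_comment_fixed(buffer, len, '#')
		    : strip_comment_prepatch(buffer, len, '#');
	memcpy(out, buffer, n);
	out[n] = '\0';
	return n;
}

int main(void)
{
	/* Constructed sample lines; '#' is the comment character here. */
	const char *lines[] = {
		"# whole-line comment",
		"key = value # trailing comment",
		"path = C:\\#not_a_comment",
	};
	char out[64];
	size_t i;

	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
		/* A '\\' sentinel makes the pre-patch code mistake a
		 * whole-line comment for an escaped one; any other byte
		 * happens to hide the bug. */
		size_t pre = run_case(lines[i], '\\', 0, out, sizeof(out));
		printf("pre-patch  (sentinel '\\\\'): %2zu \"%s\"\n", pre, out);
		size_t fix = run_case(lines[i], '\\', 1, out, sizeof(out));
		printf("post-patch                : %2zu \"%s\"\n", fix, out);
	}
	return 0;
}
```

The harness makes the point of the fix visible without a sanitizer: for the whole-line comment, the pre-patch check's result depends entirely on the byte that precedes the buffer, so with a backslash there the comment survives and would be handed to the key/value parser, while the post-patch check returns length 0 regardless. Under AddressSanitizer the same `buffer[-1]` read is what produces the stack-buffer-underflow report quoted in the commit message.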

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2020-08-20 16:26:16.079025498 +0100
+++ 0005-cfgfile-fix-stack-buffer-underflow.patch	2020-08-20 16:26:15.756323707 +0100
@@ -1 +1 @@
-From 041a3971c8f47f7850586c601b7002652dc9327c Mon Sep 17 00:00:00 2001
+From f567b9af5186940a95fd9ed8cd19ca6525708229 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]
+
@@ -47 +48,0 @@
-Cc: stable at dpdk.org
@@ -56 +57 @@
-index f132e40563..002022263e 100644
+index 6142696341..3b0ce68b19 100644
@@ -59 +60 @@
-@@ -192,5 +192,6 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
+@@ -186,5 +186,6 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
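Review bot: the only difference in this last hunk is the hunk header moving from line 192 upstream to line 186 on the 18.11 branch, and the earlier hunks of this rebase diff are likewise metadata only (commit id, the added upstream-commit line, the dropped `Cc: stable at dpdk.org`, and the blob index); none of the `+`/`-` code lines of the cfgfile hunk differ, so there is no rebase-related code change to double check here.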