[dpdk-stable] patch 'cfgfile: fix stack buffer underflow' has been queued to stable release 19.11.4

luca.boccassi at gmail.com
Fri Jul 24 13:58:47 CEST 2020


Hi,

FYI, your patch has been queued to stable release 19.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/26/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
From 3b710031029e919462866fc7fb2692b3bfa7c78d Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Wed, 1 Jul 2020 20:05:58 -0700
Subject: [PATCH] cfgfile: fix stack buffer underflow

[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]

If cfgfile is given a line with comment character at the start
of the line, it will dereference outside of the buffer.

Detected with address sanitizer:

SUMMARY: AddressSanitizer: stack-buffer-underflow
lib/librte_cfgfile/rte_cfgfile.c:194 in rte_cfgfile_load_with_params
==2189==ABORTING

Fixes: a6a47ac9c2c9 ("cfgfile: rework load function")

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Reviewed-by: Bruce Richardson <bruce.richardson at intel.com>
---
 lib/librte_cfgfile/rte_cfgfile.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 9049fd9c2..0c419d6ad 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -191,7 +191,8 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
 		}
 		/* skip parsing if comment character found */
 		pos = memchr(buffer, params->comment_character, len);
-		if (pos != NULL && (*(pos-1) != '\\')) {
+		if (pos != NULL &&
+		    (pos == buffer || *(pos-1) != '\\')) {
 			*pos = '\0';
 			len = pos -  buffer;
 		}
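Review bot: the new `pos == buffer` test is the right guard and, because `&&` and `||` short-circuit, `*(pos-1)` is now only evaluated when pos points past the first byte, which closes the one-byte read before `buffer` that ASan flagged. Two things worth noting while here: the escape check still inspects only the single byte before the first comment character `memchr` returns, so an escaped first occurrence keeps everything after it, including any later unescaped comment character (a loop calling `memchr` again from `pos + 1` would handle that), and `len = pos -  buffer;` carries a doubled space that could be tidied in the same change.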
-- 
2.20.1
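As an added illustration (not DPDK's own code and not part of the patch above), here is a stand-alone re-creation of the comment-stripping step from the hunk, with the pre-patch and post-patch forms side by side and a predicate that identifies exactly the lines that made the old code read before the buffer; the sample lines are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added example, not DPDK's own code: stand-alone re-creation of the
 * comment-stripping step of rte_cfgfile_load_with_params() from the patch.
 * buffer holds one line without its newline, len is its length. */

/* Pre-patch form, kept only to show the defect and not called below: with the
 * comment character as first byte, pos == buffer and *(pos - 1) is buffer[-1]. */
size_t strip_comment_before_fix(char *buffer, size_t len, char comment)
{
	char *pos = memchr(buffer, comment, len);
	if (pos != NULL && *(pos - 1) != '\\') {
		*pos = '\0';
		len = (size_t)(pos - buffer);
	}
	return len;
}

/* Post-patch form: pos == buffer is tested first and || short-circuits, so
 * the byte before the buffer is never read. A comment character directly
 * preceded by a backslash counts as escaped and the line is left intact. */
size_t strip_comment_fixed(char *buffer, size_t len, char comment)
{
	char *pos = memchr(buffer, comment, len);
	if (pos != NULL && (pos == buffer || *(pos - 1) != '\\')) {
		*pos = '\0';
		len = (size_t)(pos - buffer);
	}
	return len;
}

/* Regression-test predicate: true for exactly the lines that made the
 * pre-patch code read one byte before the buffer. */
bool line_triggers_underflow(const char *line, char comment)
{
	return line[0] == comment;
}

int main(void)
{
	char a[] = "# whole-line comment";          /* constructed samples */
	char b[] = "key=value ; trailing comment";
	char c[] = "key=a\\#b";
	strip_comment_fixed(a, strlen(a), '#'); /* a becomes "", returns 0 */
	strip_comment_fixed(b, strlen(b), ';'); /* b becomes "key=value ", 10 */
	strip_comment_fixed(c, strlen(c), '#'); /* escaped: unchanged, 8 */
	return 0;
}
```

Compiling the pre-patch function with `-fsanitize=address` and feeding it a line that starts with the comment character reproduces the stack-buffer-underflow report quoted in the commit message.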

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2020-07-24 12:53:51.984248021 +0100
+++ 0089-cfgfile-fix-stack-buffer-underflow.patch	2020-07-24 12:53:48.315006981 +0100
@@ -1,8 +1,10 @@
-From 041a3971c8f47f7850586c601b7002652dc9327c Mon Sep 17 00:00:00 2001
+From 3b710031029e919462866fc7fb2692b3bfa7c78d Mon Sep 17 00:00:00 2001
 From: Stephen Hemminger <stephen at networkplumber.org>
 Date: Wed, 1 Jul 2020 20:05:58 -0700
 Subject: [PATCH] cfgfile: fix stack buffer underflow
 
+[ upstream commit 041a3971c8f47f7850586c601b7002652dc9327c ]
+
 If cfgfile is give a line with comment character at the start
 of the line, it will dereference outside of the buffer.
 
@@ -44,7 +46,6 @@
 ==2189==ABORTING
 
 Fixes: a6a47ac9c2c9 ("cfgfile: rework load function")
-Cc: stable at dpdk.org
 
 Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
 Reviewed-by: Bruce Richardson <bruce.richardson at intel.com>
@@ -53,7 +54,7 @@
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
-index f132e4056..002022263 100644
+index 9049fd9c2..0c419d6ad 100644
 --- a/lib/librte_cfgfile/rte_cfgfile.c
 +++ b/lib/librte_cfgfile/rte_cfgfile.c
 @@ -191,7 +191,8 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
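Review bot: all three hunks of the backport diff touch only metadata (the commit id and the added `[ upstream commit ... ]` line, the dropped `Cc: stable at dpdk.org` trailer, and the blob `index` line), and the code hunk header `@@ -191,7 +191,8 @@` is carried over unchanged, so the rebase involved no code changes and nothing beyond the metadata needs a second look.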

