[dpdk-stable] [dpdk-dev] [PATCH] kvargs: fix a heap-buffer-overflow when detect list
wangyunjian
wangyunjian at huawei.com
Thu Mar 19 05:38:00 CET 2020
From: Yunjian Wang <wangyunjian at huawei.com>
When an input params'value is '[', leading to the 'str' over read
or heap-buffer-overflow. So we can check the 'ctx1' length to avoid
this problem.
Fixes: cc0579f2339a ("kvargs: support list value")
Cc: stable at dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian at huawei.com>
---
lib/librte_kvargs/rte_kvargs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/librte_kvargs/rte_kvargs.c b/lib/librte_kvargs/rte_kvargs.c
index d39332999..a1144b90b 100644
--- a/lib/librte_kvargs/rte_kvargs.c
+++ b/lib/librte_kvargs/rte_kvargs.c
@@ -48,7 +48,8 @@ rte_kvargs_tokenize(struct rte_kvargs *kvlist, const char *params)
str = kvlist->pairs[i].value;
if (str[0] == '[') {
/* Find the end of the list. */
- while (str[strlen(str) - 1] != ']') {
+ while ((str[strlen(str) - 1] != ']') &&
+ (strlen(ctx1) > 0)) {
/* Restore the comma erased by strtok_r(). */
str[strlen(str)] = ',';
/* Parse until next comma. */
--
2.19.1
More information about the stable
mailing list