[dpdk-stable] [dpdk-dev] [PATCH] kvargs: fix a heap-buffer-overflow when detect list

wangyunjian wangyunjian at huawei.com
Thu Mar 19 05:38:00 CET 2020

Previous message: [dpdk-stable] [PATCH v3 4/4] net/netvsc: don't enable RSS if only single receive queue
Next message: [dpdk-stable] [dpdk-dev] [PATCH] kvargs: fix a heap-buffer-overflow when detect list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yunjian Wang <wangyunjian at huawei.com>

When an input params'value is '[', leading to the 'str' over read
or heap-buffer-overflow. So we can check the 'ctx1' length to avoid
this problem.

Fixes: cc0579f2339a ("kvargs: support list value")
Cc: stable at dpdk.org

Signed-off-by: Yunjian Wang <wangyunjian at huawei.com>
---
 lib/librte_kvargs/rte_kvargs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/librte_kvargs/rte_kvargs.c b/lib/librte_kvargs/rte_kvargs.c
index d39332999..a1144b90b 100644
--- a/lib/librte_kvargs/rte_kvargs.c
+++ b/lib/librte_kvargs/rte_kvargs.c
@@ -48,7 +48,8 @@ rte_kvargs_tokenize(struct rte_kvargs *kvlist, const char *params)
 		str = kvlist->pairs[i].value;
 		if (str[0] == '[') {
 			/* Find the end of the list. */
-			while (str[strlen(str) - 1] != ']') {
+			while ((str[strlen(str) - 1] != ']') &&
+			       (strlen(ctx1) > 0)) {
 				/* Restore the comma erased by strtok_r(). */
 				str[strlen(str)] = ',';
 				/* Parse until next comma. */
-- 
2.19.1

Previous message: [dpdk-stable] [PATCH v3 4/4] net/netvsc: don't enable RSS if only single receive queue
Next message: [dpdk-stable] [dpdk-dev] [PATCH] kvargs: fix a heap-buffer-overflow when detect list
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list