[dpdk-stable] patch 'examples/fips_validation: fix buffer overflow' has been queued to stable release 19.11.6

luca.boccassi at gmail.com luca.boccassi at gmail.com
Wed Oct 28 11:45:09 CET 2020


Hi,

FYI, your patch has been queued to stable release 19.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/30/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From ee56b4aeff67262f14409fc587eb5bdd346f3d43 Mon Sep 17 00:00:00 2001
From: Olivier Matz <olivier.matz at 6wind.com>
Date: Tue, 6 Oct 2020 09:41:41 +0200
Subject: [PATCH] examples/fips_validation: fix buffer overflow

[ upstream commit 9275af3bd9faa0337b418736bb622704d158fbac ]

If the file name is larger than MAX_STRING_SIZE (64), strcpy()
will overwrite the content of memory.

Replace strcpy() by rte_strscpy(), check its return value, and
increase file_name size to 256.

Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")

Signed-off-by: Olivier Matz <olivier.matz at 6wind.com>
Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 examples/fips_validation/fips_validation.c | 12 ++++++++++--
 examples/fips_validation/fips_validation.h |  3 ++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
index 303f03495b..778c734fb2 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -275,7 +275,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
 
 	fips_test_clear();
 
-	strcpy(info.file_name, req_file_path);
+	if (rte_strscpy(info.file_name, req_file_path,
+				sizeof(info.file_name)) < 0) {
+		RTE_LOG(ERR, USER1, "Path %s too long\n", req_file_path);
+		return -EINVAL;
+	}
 	info.algo = FIPS_TEST_ALGO_MAX;
 	if (parse_file_type(req_file_path) < 0) {
 		RTE_LOG(ERR, USER1, "File %s type not supported\n",
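Review bot: The new "Path %s too long" error does not say what the limit is, so a user whose request file path is rejected has to read the header to find out that it is tied to sizeof(info.file_name). Including the bound makes the failure self-explanatory: `RTE_LOG(ERR, USER1, "Path %s too long (max %zu bytes)\n", req_file_path, sizeof(info.file_name) - 1);`. The "Device name %s too long" message in the second hunk of this file would benefit from the same change. fips_test_init() starts and ends outside this hunk.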
@@ -301,7 +305,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
 		return -ENOMEM;
 	}
 
-	strlcpy(info.device_name, device_name, sizeof(info.device_name));
+	if (rte_strscpy(info.device_name, device_name,
+				sizeof(info.device_name)) < 0) {
+		RTE_LOG(ERR, USER1, "Device name %s too long\n", device_name);
+		return -EINVAL;
+	}
 
 	if (fips_test_parse_header() < 0) {
 		RTE_LOG(ERR, USER1, "Failed parsing header\n");
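Review bot: The device-name length check sits late in fips_test_init(): the context line `return -ENOMEM;` just above suggests an allocation (and possibly file opens) has already happened, so the new `return -EINVAL` leaves any cleanup to the caller, as the neighbouring error returns presumably do. The length of device_name does not depend on any earlier step, so the check could move next to the file_name copy at the top of the function, rejecting an oversized name before anything is acquired. This hunk also turns the silent truncation done by strlcpy() into a hard failure for names that do not fit in MAX_STRING_SIZE (64), a behaviour change the commit message does not mention. The function body starts and ends outside the hunk.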
diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
index d517365291..fb0194d57b 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -14,6 +14,7 @@
 #define MAX_NB_TESTS		10240
 #define MAX_BUF_SIZE		2048
 #define MAX_STRING_SIZE		64
+#define MAX_FILE_NAME_SIZE	256
 #define MAX_DIGEST_SIZE		64
 
 #define POSITIVE_TEST		0
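Review bot: MAX_FILE_NAME_SIZE is named and sized for a file name, but the buffer it sizes, info.file_name, receives req_file_path, which is a full path (see the first hunk of fips_validation.c). 256 bytes closes the overflow, but together with the new length check it rejects paths that the OS would accept. If the whole path has to be kept, sizing the field from `PATH_MAX` would avoid that. Otherwise a comment on the define, such as `/* size of info.file_name: request file path incl. NUL; longer paths are rejected by fips_test_init() */`, would document the limit where it is set.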
@@ -163,7 +164,7 @@ struct fips_test_interim_info {
 	uint32_t vec_start_off;
 	uint32_t nb_vec_lines;
 	char device_name[MAX_STRING_SIZE];
-	char file_name[MAX_STRING_SIZE];
+	char file_name[MAX_FILE_NAME_SIZE];
 
 	union {
 		struct aesavs_interim_data aes_data;
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2020-10-28 10:35:16.396894405 +0000
+++ 0150-examples-fips_validation-fix-buffer-overflow.patch	2020-10-28 10:35:11.740833497 +0000
@@ -1,8 +1,10 @@
-From 9275af3bd9faa0337b418736bb622704d158fbac Mon Sep 17 00:00:00 2001
+From ee56b4aeff67262f14409fc587eb5bdd346f3d43 Mon Sep 17 00:00:00 2001
 From: Olivier Matz <olivier.matz at 6wind.com>
 Date: Tue, 6 Oct 2020 09:41:41 +0200
 Subject: [PATCH] examples/fips_validation: fix buffer overflow
 
+[ upstream commit 9275af3bd9faa0337b418736bb622704d158fbac ]
+
 If the file name is larger than MAX_STRING_SIZE (64), strcpy()
 will overwrite the content of memory.
 
@@ -10,7 +12,6 @@
 increase file_name size to 256.
 
 Fixes: 3d0fad56b74a ("examples/fips_validation: add crypto FIPS application")
-Cc: stable at dpdk.org
 
 Signed-off-by: Olivier Matz <olivier.matz at 6wind.com>
 Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
@@ -20,10 +21,10 @@
  2 files changed, 12 insertions(+), 3 deletions(-)
 
 diff --git a/examples/fips_validation/fips_validation.c b/examples/fips_validation/fips_validation.c
-index 9bdf257b8b..13f763c9aa 100644
+index 303f03495b..778c734fb2 100644
 --- a/examples/fips_validation/fips_validation.c
 +++ b/examples/fips_validation/fips_validation.c
-@@ -281,7 +281,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
+@@ -275,7 +275,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
  
  	fips_test_clear();
  
@@ -36,7 +37,7 @@
  	info.algo = FIPS_TEST_ALGO_MAX;
  	if (parse_file_type(req_file_path) < 0) {
  		RTE_LOG(ERR, USER1, "File %s type not supported\n",
-@@ -307,7 +311,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
+@@ -301,7 +305,11 @@ fips_test_init(const char *req_file_path, const char *rsp_file_path,
  		return -ENOMEM;
  	}
  
@@ -50,7 +51,7 @@
  	if (fips_test_parse_header() < 0) {
  		RTE_LOG(ERR, USER1, "Failed parsing header\n");
 diff --git a/examples/fips_validation/fips_validation.h b/examples/fips_validation/fips_validation.h
-index 75fa555fa6..deba83eada 100644
+index d517365291..fb0194d57b 100644
 --- a/examples/fips_validation/fips_validation.h
 +++ b/examples/fips_validation/fips_validation.h
 @@ -14,6 +14,7 @@
@@ -61,7 +62,7 @@
  #define MAX_DIGEST_SIZE		64
  
  #define POSITIVE_TEST		0
-@@ -164,7 +165,7 @@ struct fips_test_interim_info {
+@@ -163,7 +164,7 @@ struct fips_test_interim_info {
  	uint32_t vec_start_off;
  	uint32_t nb_vec_lines;
  	char device_name[MAX_STRING_SIZE];

