[dpdk-dev] [PATCH 1/1] net/mlx5: fix stack buffer overflow
Yunjian Wang
wangyunjian at huawei.com
Tue Dec 21 08:37:44 CET 2021
The mlx5_sysfs_switch_info function gets 'phys_port_name' buffer, using
'IF_NAMESIZE' for that case will be wrong and it can cause a buffer overflow.
Detected with address sanitizer:
0 (/usr/lib64/libasan.so.4+0x60b57)
1 vfscanf (/usr/lib64/libasan.so.4+0x6170f)
2 __interceptor_fscanf (/usr/lib64/libasan.so.4+0x61823)
3 mlx5_sysfs_switch_info ../drivers/net/mlx5/linux/mlx5_ethdev_os.c:1098
4 mlx5_os_pci_probe_pf ../drivers/net/mlx5/linux/mlx5_os.c:2417
5 mlx5_os_pci_probe ../drivers/net/mlx5/linux/mlx5_os.c:2647
6 mlx5_os_net_probe ../drivers/net/mlx5/linux/mlx5_os.c:2722
7 drivers_probe ../drivers/common/mlx5/mlx5_common.c:657
8 mlx5_common_dev_probe ../drivers/common/mlx5/mlx5_common.c:711
9 rte_pci_probe_one_driver ../drivers/bus/pci/pci_common.c:269
10 pci_probe_all_drivers ../drivers/bus/pci/pci_common.c:353
11 pci_probe ../drivers/bus/pci/pci_common.c:380
12 rte_bus_probe ../lib/eal/common/eal_common_bus.c:72
13 rte_eal_init ../lib/eal/linux/eal.c:1286
14 main ../app/test-pmd/testpmd.c:4112
15 __libc_start_main (/usr/lib64/libc.so.6+0x23f7f)
16 _start (dpdk/arm64-armv8a-linuxapp-gcc/app/dpdk-testpmd+0x4c88a3)
Fixes: 63d1db710fbc ("net/mlx5: fix unlimited parsing of switch info")
Cc: stable at dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian at huawei.com>
---
drivers/net/mlx5/linux/mlx5_ethdev_os.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/mlx5/linux/mlx5_ethdev_os.c b/drivers/net/mlx5/linux/mlx5_ethdev_os.c
index c19825ee52..1d97110864 100644
--- a/drivers/net/mlx5/linux/mlx5_ethdev_os.c
+++ b/drivers/net/mlx5/linux/mlx5_ethdev_os.c
@@ -1066,7 +1066,7 @@ int
mlx5_sysfs_switch_info(unsigned int ifindex, struct mlx5_switch_info *info)
{
char ifname[IF_NAMESIZE];
- char port_name[IF_NAMESIZE];
+ char port_name[IF_NAMESIZE + 1];
FILE *file;
struct mlx5_switch_info data = {
.master = 0,
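Review bot: the `+ 1` on the `port_name` declaration is a bare adjustment with nothing in the hunk saying what it pairs with, and the fscanf call at mlx5_ethdev_os.c:1098 named in the sanitizer trace is outside the shown context. A width-limited `%s` conversion stores up to the width in characters and then a terminating NUL, so the destination must be one byte larger than the width. Please add a short comment on the declaration stating that, or derive both the field width and the array size from a single constant so the two cannot drift apart again. It is also worth confirming that `ifname[IF_NAMESIZE]` on the line above, which this change leaves as is, is never filled by the same kind of width-limited scan.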
--
2.27.0