From: Allain Legacy <allain.legacy@windriver.com>
To: <cristian.dumitrescu@intel.com>, <bruce.richardson@intel.com>
Cc: <dev@dpdk.org>, <yuanhan.liu@linux.intel.com>,
	<thomas.monjalon@6wind.com>
Subject: [PATCH v3 4/6] cfgfile: use strnlen to constrain memchr search
Date: Tue, 28 Mar 2017 12:44:29 -0400
Message-ID: <20170328164431.12475-5-allain.legacy@windriver.com>
In-Reply-To: <20170328164431.12475-1-allain.legacy@windriver.com>

The call to memchr() uses the absolute length of the string buffer instead
of the actual length of the string returned by fgets().  This causes the
search to go beyond the '\n' character and find ';' characters in random
garbage on the stack.  This then causes the 'len' variable to be updated
and the subsequent search for the '=' character to potentially find one
beyond the first newline character.

Since this bug relies on ';' and '=' characters appearing in random places
in the 'buffer' variable it is intermittently reproducible at best.

Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
---
 lib/librte_cfgfile/rte_cfgfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cfgfile.c
index 63e34bbb0..e4a3885b7 100644
--- a/lib/librte_cfgfile/rte_cfgfile.c
+++ b/lib/librte_cfgfile/rte_cfgfile.c
@@ -191,7 +191,7 @@ rte_cfgfile_load_with_params(const char *filename, int flags,
 					"Check if line too long\n", lineno);
 			goto error1;
 		}
-		pos = memchr(buffer, params->comment_character, sizeof(buffer));
+		pos = memchr(buffer, params->comment_character, len);
 		if (pos != NULL) {
 			*pos = '\0';
 			len = pos -  buffer;
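Review bot: The new bound on the `+` line, `memchr(buffer, params->comment_character, len)`, is only correct if `len` already holds the length of the string that fgets() returned, and nothing in this hunk shows where `len` is assigned. Please confirm that it is set (for example by the strnlen() call the subject refers to) before this line and is not altered by the "line too long" check just above. The subject says "use strnlen", yet the diff is a single-line change that adds no strnlen() call, so either reword the subject to describe what changes (bounding the memchr() search by the string length) or state in the commit message that `len` comes from an existing strnlen() result. Since the log describes the failure as intermittent, a deterministic test would help: pre-fill the buffer with the comment character and '=' past the terminator, parse a short line, and check that neither is picked up.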
-- 
2.12.1
