From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Wiles, Keith" <keith.wiles@intel.com>
Subject: Re: [PATCH 5/5] cfgfile: increase local buffer size for
 max	name and value
Date: Thu, 9 Mar 2017 13:46:26 +0000
Message-ID: <8258C19A-889A-475B-9F29-33949ABCF8EE@intel.com>
References: <1488482971-170522-1-git-send-email-allain.legacy@windriver.com>
 <1488482971-170522-6-git-send-email-allain.legacy@windriver.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: "Richardson, Bruce" <bruce.richardson@intel.com>, "Dumitrescu, Cristian"
 <cristian.dumitrescu@intel.com>, "dev@dpdk.org" <dev@dpdk.org>, "Jolliffe,
 Ian (Wind River)" <ian.jolliffe@windriver.com>
To: "Legacy, Allain (Wind River)" <allain.legacy@windriver.com>
Return-path: <dev-bounces@dpdk.org>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by dpdk.org (Postfix) with ESMTP id 42B202B8C
 for <dev@dpdk.org>; Thu,  9 Mar 2017 14:46:28 +0100 (CET)
In-Reply-To: <1488482971-170522-6-git-send-email-allain.legacy@windriver.com>
Content-Language: en-US
Content-ID: <5B68946C11BF44438BB8E8EFA0CA98BA@intel.com>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>


> On Mar 2, 2017, at 1:29 PM, Allain Legacy <allain.legacy@windriver.com> w=
rote:
>=20
> From: Joseph Richard <joseph.richard@windriver.com>
>=20
> When parsing a ini file with a "key =3D value" line that has both "key" a=
nd
> "value" sized to the maximum allowed length causes a parsing failure.  Th=
e
> internal "buffer" variable should be sized at least as large as the maxim=
um
> for both fields.  This commit updates the local array to be sized to hold
> the max name, max value, " =3D ", and the nul terminator.
>=20
> Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
> ---
> lib/librte_cfgfile/rte_cfgfile.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>=20
> diff --git a/lib/librte_cfgfile/rte_cfgfile.c b/lib/librte_cfgfile/rte_cf=
gfile.c
> index 28956ea..107d637 100644
> --- a/lib/librte_cfgfile/rte_cfgfile.c
> +++ b/lib/librte_cfgfile/rte_cfgfile.c
> @@ -92,7 +92,7 @@ struct rte_cfgfile *
> 	int allocated_entries =3D 0;
> 	int curr_section =3D -1;
> 	int curr_entry =3D -1;
> -	char buffer[256] =3D {0};
> +	char buffer[CFG_NAME_LEN + CFG_VALUE_LEN + 4] =3D {0};

Would this change still cause a failure and memory over write if the user d=
ecides to have very large string. Does the code check the lengths to make s=
ure they are valid and return error?

If the code is testing the size and make sure a memory over write does not =
happen, then I am OK with acking this patch.=20

> 	int lineno =3D 0;
> 	size_t size;
> 	struct rte_cfgfile *cfg =3D NULL;
> --=20
> 1.8.3.1
>=20

Regards,
Keith