From: bugzilla@dpdk.org
To: dev@dpdk.org
Date: Tue, 24 Aug 2021 02:14:12 +0000
Subject: [dpdk-dev] [Bug 792] The dev_uev_parse function has a stack overflow bug.

https://bugs.dpdk.org/show_bug.cgi?id=792

            Bug ID: 792
           Summary: The dev_uev_parse function has a stack overflow bug.
           Product: DPDK
           Version: 21.08
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: core
          Assignee: dev@dpdk.org
          Reporter: zhihongx.peng@intel.com
  Target Milestone: ---

Code:

static int
dev_uev_parse(const char *buf, struct rte_dev_event *event, int length)
{
	char action[EAL_UEV_MSG_ELEM_LEN];
	char subsystem[EAL_UEV_MSG_ELEM_LEN];
	char pci_slot_name[EAL_UEV_MSG_ELEM_LEN];
	int i = 0;

	memset(action, 0, EAL_UEV_MSG_ELEM_LEN);
	memset(subsystem, 0, EAL_UEV_MSG_ELEM_LEN);
	memset(pci_slot_name, 0, EAL_UEV_MSG_ELEM_LEN);

	while (i < length) {
		for (; i < length; i++) {
			if (*buf)
				break;
			buf++;
		}
		/**
		 * check device uevent from kernel side, no need to check
		 * uevent from udev.
		 */
		if (!strncmp(buf, "libudev", 7)) {
			buf += 7;
			i += 7;
			return -1;
		}
		if (!strncmp(buf, "ACTION=", 7)) {
			buf += 7;
			i += 7;
			strlcpy(action, buf, sizeof(action));
		} else if (!strncmp(buf, "SUBSYSTEM=", 10)) {
			buf += 10;
			i += 10;
			strlcpy(subsystem, buf, sizeof(subsystem));
		} else if (!strncmp(buf, "PCI_SLOT_NAME=", 14)) {
			buf += 14;
			i += 14;
			strlcpy(pci_slot_name, buf, sizeof(subsystem));
			event->devname = strdup(pci_slot_name);
		}

Bug description:
Because the minimum length of the buffer is not judged, when the length of the
buffer is less than 7, strncmp will cause a stack buffer overflow.
-- 
You are receiving this mail because:
You are the assignee for the bug.