linux-gen: fix possible overflow in pktio ipc code

Message ID 1469804304-30798-1-git-send-email-maxim.uvarov@linaro.org
State Accepted
Commit b007f9d72b085005ba7b19355885c7f0096899e2
Commit Message

Maxim Uvarov July 29, 2016, 2:58 p.m. UTC
Add additional check before copying from pointer to
array for pool name. In general it should never happen
until somebody will corrupt shared memory.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>

---
 platform/linux-generic/pktio/ipc.c | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
2.7.1.250.gff4ea60

Comments

Maxim Uvarov July 29, 2016, 3:02 p.m. UTC | #1
https://bugs.linaro.org/show_bug.cgi?id=2424

On 07/29/16 17:58, Maxim Uvarov wrote:
> Add additional check before copying from pointer to
> array for pool name. In general it should never happen
> until somebody will corrupt shared memory.
>
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>

> ---

>   platform/linux-generic/pktio/ipc.c | 6 ++++++

>   1 file changed, 6 insertions(+)

>

> diff --git a/platform/linux-generic/pktio/ipc.c b/platform/linux-generic/pktio/ipc.c

> index f9e7a00..d97e495 100644

> --- a/platform/linux-generic/pktio/ipc.c

> +++ b/platform/linux-generic/pktio/ipc.c

> @@ -211,6 +211,12 @@ static int _ipc_init_master(pktio_entry_t *pktio_entry,

>   	/* Set up pool name for remote info */

>   	pinfo = pktio_entry->s.ipc.pinfo;

>   	pool_name = _ipc_odp_buffer_pool_shm_name(pool);

> +	if (strlen(pool_name) > ODP_POOL_NAME_LEN) {

> +		ODP_DBG("pid %d ipc pool name %s is too big %d\n",

> +			getpid(), pool_name, strlen(pool_name));

> +		goto free_s_prod;

> +	}

> +

>   	memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));

>   	pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size;

>   	pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;
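
Review bot: The %d conversion in the added ODP_DBG call is given strlen(pool_name), which returns size_t, so the format and the argument type do not match; use %zu there. The added lines and the memcpy that follows also call strlen on the same string three times between them; computing the length once into a local size_t before the check would serve the comparison, the log message and the copy length.
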
Bill Fischofer July 29, 2016, 3:10 p.m. UTC | #2
Can you put the Bug reference that this is fixing into the git commit log?
That's helpful when it comes to building the CHANGELOG for the release.

On Fri, Jul 29, 2016 at 9:58 AM, Maxim Uvarov <maxim.uvarov@linaro.org>
wrote:

> Add additional check before copying from pointer to
> array for pool name. In general it should never happen
> until somebody will corrupt shared memory.
>
> Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
>


Reviewed-by: Bill Fischofer <bill.fischofer@linaro.org>



> ---

>  platform/linux-generic/pktio/ipc.c | 6 ++++++

>  1 file changed, 6 insertions(+)

>

> diff --git a/platform/linux-generic/pktio/ipc.c

> b/platform/linux-generic/pktio/ipc.c

> index f9e7a00..d97e495 100644

> --- a/platform/linux-generic/pktio/ipc.c

> +++ b/platform/linux-generic/pktio/ipc.c

> @@ -211,6 +211,12 @@ static int _ipc_init_master(pktio_entry_t

> *pktio_entry,

>         /* Set up pool name for remote info */

>         pinfo = pktio_entry->s.ipc.pinfo;

>         pool_name = _ipc_odp_buffer_pool_shm_name(pool);

> +       if (strlen(pool_name) > ODP_POOL_NAME_LEN) {

> +               ODP_DBG("pid %d ipc pool name %s is too big %d\n",

> +                       getpid(), pool_name, strlen(pool_name));

> +               goto free_s_prod;

> +       }

> +

>         memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));

>         pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size;

>         pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;
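
Review bot: The new if statement measures pool_name with an unbounded strlen and then prints it with %s, while the commit message says the oversized case only arises when shared memory has been corrupted. Where pool_name points is not visible in this hunk, but if it can be unterminated in that situation, both the strlen and the %s log read past the buffer before the check rejects anything. strnlen(pool_name, ODP_POOL_NAME_LEN + 1) would bound the scan, and the message could log just the length, or the name with a %.*s precision.
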

> --

> 2.7.1.250.gff4ea60

>

>
Maxim Uvarov July 29, 2016, 4:06 p.m. UTC | #3
Merged (with bug number)
Maxim.

On 07/29/16 18:10, Bill Fischofer wrote:
> Can you put the Bug reference that this is fixing into the git commit
> log?  That's helpful when it comes to building the CHANGELOG for the
> release.
>
> On Fri, Jul 29, 2016 at 9:58 AM, Maxim Uvarov <maxim.uvarov@linaro.org
> <mailto:maxim.uvarov@linaro.org>> wrote:
>
>     Add additional check before copying from pointer to
>     array for pool name. In general it should never happen
>     until somebody will corrupt shared memory.
>
>     Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org
>     <mailto:maxim.uvarov@linaro.org>>
>
>
> Reviewed-by: Bill Fischofer <bill.fischofer@linaro.org
> <mailto:bill.fischofer@linaro.org>>

>

>     ---

>      platform/linux-generic/pktio/ipc.c | 6 ++++++

>      1 file changed, 6 insertions(+)

>

>     diff --git a/platform/linux-generic/pktio/ipc.c

>     b/platform/linux-generic/pktio/ipc.c

>     index f9e7a00..d97e495 100644

>     --- a/platform/linux-generic/pktio/ipc.c

>     +++ b/platform/linux-generic/pktio/ipc.c

>     @@ -211,6 +211,12 @@ static int _ipc_init_master(pktio_entry_t

>     *pktio_entry,

>             /* Set up pool name for remote info */

>             pinfo = pktio_entry->s.ipc.pinfo;

>             pool_name = _ipc_odp_buffer_pool_shm_name(pool);

>     +       if (strlen(pool_name) > ODP_POOL_NAME_LEN) {

>     +               ODP_DBG("pid %d ipc pool name %s is too big %d\n",

>     +                       getpid(), pool_name, strlen(pool_name));

>     +               goto free_s_prod;

>     +       }

>     +

>             memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));

>             pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size;

>             pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;

>     --

>     2.7.1.250.gff4ea60

>

>

Patch

diff --git a/platform/linux-generic/pktio/ipc.c b/platform/linux-generic/pktio/ipc.c
index f9e7a00..d97e495 100644
--- a/platform/linux-generic/pktio/ipc.c
+++ b/platform/linux-generic/pktio/ipc.c
@@ -211,6 +211,12 @@  static int _ipc_init_master(pktio_entry_t *pktio_entry,
 	/* Set up pool name for remote info */
 	pinfo = pktio_entry->s.ipc.pinfo;
 	pool_name = _ipc_odp_buffer_pool_shm_name(pool);
+	if (strlen(pool_name) > ODP_POOL_NAME_LEN) {
+		ODP_DBG("pid %d ipc pool name %s is too big %d\n",
+			getpid(), pool_name, strlen(pool_name));
+		goto free_s_prod;
+	}
+
 	memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name));
 	pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size;
 	pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;
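
Review bot: The comparison strlen(pool_name) > ODP_POOL_NAME_LEN still accepts a name of exactly ODP_POOL_NAME_LEN bytes, and the memcpy that follows copies strlen(pool_name) bytes, which never includes the terminating NUL. The declaration of pinfo->master.pool_name is not visible in this hunk; if it is ODP_POOL_NAME_LEN bytes, that boundary case fills the array and leaves the name unterminated for the remote side that reads it. Consider rejecting with >= and copying strlen(pool_name) + 1 bytes, or writing the terminator into the destination explicitly after the copy.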