From patchwork Fri Jul 29 14:58:24 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Uvarov X-Patchwork-Id: 73044 Delivered-To: patch@linaro.org Received: by 10.140.29.52 with SMTP id a49csp1433280qga; Fri, 29 Jul 2016 07:58:39 -0700 (PDT) X-Received: by 10.55.212.218 with SMTP id s87mr3753896qks.10.1469804319251; Fri, 29 Jul 2016 07:58:39 -0700 (PDT) Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id z88si12440620qtc.23.2016.07.29.07.58.38; Fri, 29 Jul 2016 07:58:39 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=pass (p=NONE dis=NONE) header.from=linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 199F4681EB; Fri, 29 Jul 2016 14:58:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id DAD1361774; Fri, 29 Jul 2016 14:58:34 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6B145622E7; Fri, 29 Jul 2016 14:58:32 +0000 (UTC) Received: from mail-lf0-f44.google.com (mail-lf0-f44.google.com [209.85.215.44]) by lists.linaro.org (Postfix) with ESMTPS id 327D161735 for ; Fri, 29 Jul 2016 14:58:31 +0000 (UTC) Received: by mail-lf0-f44.google.com with SMTP id l69so73176647lfg.1 for ; Fri, 29 Jul 2016 07:58:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=K10oaBIurl/xTTHIyKHzJFr33DG/ww7wVmkVEvhKzhI=; b=Bjx61FIEfL4vKqezfeZ/JnB76PHCH7xoQaGntHTxtbn5d4G+O/6Q6ZJ03khiWZQPJu /0Dl1eyvBhJfZM9SG+pHAKkX1iFGyXRBDqUdfvCpB13Bc8awUMsnnQAsG5t7TmClUMje x3p66RwXM5fsCkR+1yXKS5sPd5hhqbX7Nn5ZrUID7Jz9ymg31Vz24LZ5oGXKgdbTSS89 hHp+OX8xlC6qawZuyxT+OePdTMSM++mLdQSOvklTFiPY8qkpGzDHKy/kNymiToU+D+h9 zWAAjoAuzgj2hUf1Ee9O5em+XZJZUzMMXgUYdsBDn1Vf+kJ2EWacgmVq9eFki+1ruoaB Rh5w== X-Gm-Message-State: AEkooutKgzm9gApoqSEF11NZZxXkFUvWSzotP40uWBkSLQof5ytSzRjsx9Zd2GH9M94Jzp1x1WU= X-Received: by 10.25.212.5 with SMTP id l5mr17472759lfg.73.1469804309698; Fri, 29 Jul 2016 07:58:29 -0700 (PDT) Received: from maxim-Aspire-VN7-791.d-systems.local ([185.75.190.112]) by smtp.gmail.com with ESMTPSA id 90sm2840015lfs.7.2016.07.29.07.58.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 29 Jul 2016 07:58:29 -0700 (PDT) From: Maxim Uvarov To: lng-odp@lists.linaro.org Date: Fri, 29 Jul 2016 17:58:24 +0300 Message-Id: <1469804304-30798-1-git-send-email-maxim.uvarov@linaro.org> X-Mailer: git-send-email 2.7.1.250.gff4ea60 X-Topics: patch Subject: [lng-odp] [PATCH] linux-gen: fix possible overflow in pktio ipc code X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" Add additional check before coping from pointer to array for pool name. In general it should never happen until somebody will corrupt shared memory. Signed-off-by: Maxim Uvarov --- platform/linux-generic/pktio/ipc.c | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.7.1.250.gff4ea60 Reviewed-by: Bill Fischofer diff --git a/platform/linux-generic/pktio/ipc.c b/platform/linux-generic/pktio/ipc.c index f9e7a00..d97e495 100644 --- a/platform/linux-generic/pktio/ipc.c +++ b/platform/linux-generic/pktio/ipc.c @@ -211,6 +211,12 @@ static int _ipc_init_master(pktio_entry_t *pktio_entry, /* Set up pool name for remote info */ pinfo = pktio_entry->s.ipc.pinfo; pool_name = _ipc_odp_buffer_pool_shm_name(pool); + if (strlen(pool_name) > ODP_POOL_NAME_LEN) { + ODP_DBG("pid %d ipc pool name %s is too big %d\n", + getpid(), pool_name, strlen(pool_name)); + goto free_s_prod; + } + memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name)); pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size; pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;