From mboxrd@z Thu Jan 1 00:00:00 1970 From: Olivier MATZ Subject: Re: [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of command result structure is greater than BUFSIZ Date: Wed, 03 Dec 2014 17:05:13 +0100 Message-ID: <547F34B9.7090400@6wind.com> References: <1413818593-26269-1-git-send-email-alan.carew@intel.com> <0E29434AEE0C3A4180987AB476A6F6306D281C01@IRSMSX109.ger.corp.intel.com> <544E0CF2.8090408@6wind.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit To: "Carew, Alan" , "dev-VfR2kkLFssw@public.gmane.org" Return-path: In-Reply-To: <544E0CF2.8090408-pdR9zngts4EAvxtiuMwx3w@public.gmane.org> List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces-VfR2kkLFssw@public.gmane.org Sender: "dev" Hi, On 10/27/2014 10:14 AM, Olivier MATZ wrote: > Hello Alan, > > On 10/20/2014 05:26 PM, Carew, Alan wrote: >> A comment on my own patch. >> >> Making the size of result_buf consistent across each OS and keeping it as large >> as the Linux BUFSIZ(8192) doesn't really address the core issue. >> >> In the event that a user of librte_cmdline creates a custom context with a >> result structure > 8192 bytes then this problem will occur again, though >> somewhat unlikely, as the minimum number of the largest type would be 64 x >> cmdline_fixed_string_t types within a result structure, at its current size. >> >> There is no checking of overflow, I would be tempted to add a runtime check in >> cmdline_parse()/match_inst(), however I would be more comfortable with a build >> time check for this type of problem. >> >> Due to the opaque handling of user defined contexts there is no obvious way to >> do this at build time. >> >> Thoughts? > > Indeed, your patch does not address the core issue of the problem, > altough it's already an improvement to the current situation. > > Your issue was already fixed in the latest libcmdline library by > this patch (which also includes the replacement of BUFSIZ): > http://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f > > I'm pretty sure it won't apply smoothly on the dpdk command line > library but it can probably be adapted. Ideally, the latest libcmdline > library should be [cleaned first and] merged in dpdk.org. Sorry, I had no time to deeply check this. I think your patch can go in 1.8 as it's still an enhancement compared to the current situation. We may go back on this later. Acked-by: Olivier Matz