From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Monjalon Subject: Re: [PATCH] librte_cmdline: FreeBSD Fix oveflow when size of command result structure is greater than BUFSIZ Date: Wed, 03 Dec 2014 19:12:32 +0100 Message-ID: <1507264.Zu5HfbIg9Y@xps13> References: <1413818593-26269-1-git-send-email-alan.carew@intel.com> <544E0CF2.8090408@6wind.com> <547F34B9.7090400@6wind.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit Cc: dev-VfR2kkLFssw@public.gmane.org To: "Carew, Alan" Return-path: In-Reply-To: <547F34B9.7090400-pdR9zngts4EAvxtiuMwx3w@public.gmane.org> List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces-VfR2kkLFssw@public.gmane.org Sender: "dev" 2014-12-03 17:05, Olivier MATZ: > Hi, > > On 10/27/2014 10:14 AM, Olivier MATZ wrote: > > Hello Alan, > > > > On 10/20/2014 05:26 PM, Carew, Alan wrote: > >> A comment on my own patch. > >> > >> Making the size of result_buf consistent across each OS and keeping it as large > >> as the Linux BUFSIZ(8192) doesn't really address the core issue. > >> > >> In the event that a user of librte_cmdline creates a custom context with a > >> result structure > 8192 bytes then this problem will occur again, though > >> somewhat unlikely, as the minimum number of the largest type would be 64 x > >> cmdline_fixed_string_t types within a result structure, at its current size. > >> > >> There is no checking of overflow, I would be tempted to add a runtime check in > >> cmdline_parse()/match_inst(), however I would be more comfortable with a build > >> time check for this type of problem. > >> > >> Due to the opaque handling of user defined contexts there is no obvious way to > >> do this at build time. > >> > >> Thoughts? > > > > Indeed, your patch does not address the core issue of the problem, > > altough it's already an improvement to the current situation. > > > > Your issue was already fixed in the latest libcmdline library by > > this patch (which also includes the replacement of BUFSIZ): > > http://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f > > > > I'm pretty sure it won't apply smoothly on the dpdk command line > > library but it can probably be adapted. Ideally, the latest libcmdline > > library should be [cleaned first and] merged in dpdk.org. > > Sorry, I had no time to deeply check this. I think your patch can > go in 1.8 as it's still an enhancement compared to the current > situation. We may go back on this later. > > Acked-by: Olivier Matz Applied Thanks -- Thomas