path: root/examples/cmdline
diff options
authorAlan Carew <>2014-12-05 15:19:07 +0100
committerThomas Monjalon <>2014-12-05 16:54:53 +0100
commitaaa662e75c23c61a1d79bd4d1f9f35b4967c39db (patch)
treebb3195d876d3dc798b4576ec26aadf9f225389de /examples/cmdline
parent29d03f7aa33edc3292bf75730ec684dd4cbe5054 (diff)
cmdline: fix overflow on bsd
When using test-pmd with flow director in FreeBSD, the application will segfault/Bus error while parsing the command-line. This is due to how each commands result structure is represented during parsing, where the offsets for each tokens value is stored in a character array(char result_buf[BUFSIZ]) in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c). The overflow occurs where BUFSIZ is less than the size of a commands result structure, in this case "struct cmd_pkt_filter_result" (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as opposed to 8192 bytes on Linux. The problem can be reproduced by running test-pmd on FreeBSD: ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect And adding a filter: add_perfect_filter 0 udp src 1024 dst 1024 flexbytes 0x800 vlan 0 queue 0 soft 0x17 This patch removes the OS dependency on BUFSIZ and defines and uses a library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192 Added boundary checking to ensure this buffer size cannot overflow, with an error message being produced. Suggested-by: Olivier Matz <>;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f Signed-off-by: Alan Carew <> Signed-off-by: Olivier Matz <> Tested-by: Bruce Richardson <>
Diffstat (limited to 'examples/cmdline')
2 files changed, 7 insertions, 2 deletions
diff --git a/examples/cmdline/parse_obj_list.c b/examples/cmdline/parse_obj_list.c
index 2625ca3..cdbaf2f 100644
--- a/examples/cmdline/parse_obj_list.c
+++ b/examples/cmdline/parse_obj_list.c
@@ -84,7 +84,8 @@ struct cmdline_token_ops token_obj_list_ops = {
-parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+ unsigned ressize)
struct token_obj_list *tk2 = (struct token_obj_list *)tk;
struct token_obj_list_data *tkd = &tk2->obj_list_data;
@@ -94,6 +95,9 @@ parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
if (*buf == 0)
return -1;
+ if (res && ressize < sizeof(struct object *))
+ return -1;
diff --git a/examples/cmdline/parse_obj_list.h b/examples/cmdline/parse_obj_list.h
index 297fec4..871c53a 100644
--- a/examples/cmdline/parse_obj_list.h
+++ b/examples/cmdline/parse_obj_list.h
@@ -91,7 +91,8 @@ typedef struct token_obj_list parse_token_obj_list_t;
extern struct cmdline_token_ops token_obj_list_ops;
-int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res);
+int parse_obj_list(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res,
+ unsigned ressize);
int complete_get_nb_obj_list(cmdline_parse_token_hdr_t *tk);
int complete_get_elt_obj_list(cmdline_parse_token_hdr_t *tk, int idx,
char *dstbuf, unsigned int size);