summaryrefslogtreecommitdiff
path: root/lib/librte_cmdline
diff options
context:
space:
mode:
authorAlan Carew <alan.carew@intel.com>2014-12-05 15:19:07 +0100
committerThomas Monjalon <thomas.monjalon@6wind.com>2014-12-05 16:54:53 +0100
commitaaa662e75c23c61a1d79bd4d1f9f35b4967c39db (patch)
treebb3195d876d3dc798b4576ec26aadf9f225389de /lib/librte_cmdline
parent29d03f7aa33edc3292bf75730ec684dd4cbe5054 (diff)
downloaddpdk-next-eventdev-aaa662e75c23c61a1d79bd4d1f9f35b4967c39db.zip
dpdk-next-eventdev-aaa662e75c23c61a1d79bd4d1f9f35b4967c39db.tar.gz
dpdk-next-eventdev-aaa662e75c23c61a1d79bd4d1f9f35b4967c39db.tar.xz
cmdline: fix overflow on bsd
When using test-pmd with flow director in FreeBSD, the application will segfault/Bus error while parsing the command-line. This is due to how each commands result structure is represented during parsing, where the offsets for each tokens value is stored in a character array(char result_buf[BUFSIZ]) in cmdline_parse()(./lib/librte_cmdline/cmdline_parse.c). The overflow occurs where BUFSIZ is less than the size of a commands result structure, in this case "struct cmd_pkt_filter_result" (app/test-pmd/cmdline.c) is 1088 bytes and BUFSIZ on FreeBSD is 1024 bytes as opposed to 8192 bytes on Linux. The problem can be reproduced by running test-pmd on FreeBSD: ./testpmd -c 0x3 -n 4 -- -i --portmask=0x3 --pkt-filter-mode=perfect And adding a filter: add_perfect_filter 0 udp src 192.168.0.0 1024 dst 192.168.0.0 1024 flexbytes 0x800 vlan 0 queue 0 soft 0x17 This patch removes the OS dependency on BUFSIZ and defines and uses a library #define CMDLINE_PARSE_RESULT_BUFSIZE 8192 Added boundary checking to ensure this buffer size cannot overflow, with an error message being produced. Suggested-by: Olivier Matz <olivier.matz@6wind.com> http://git.droids-corp.org/?p=libcmdline.git;a=commitdiff;h=b1d5b169352e57df3fc14c51ffad4b83f3e5613f Signed-off-by: Alan Carew <alan.carew@intel.com> Signed-off-by: Olivier Matz <olivier.matz@6wind.com> Tested-by: Bruce Richardson <bruce.richardson@intel.com>
Diffstat (limited to 'lib/librte_cmdline')
-rw-r--r--lib/librte_cmdline/cmdline_parse.c35
-rw-r--r--lib/librte_cmdline/cmdline_parse.h11
-rw-r--r--lib/librte_cmdline/cmdline_parse_etheraddr.c5
-rw-r--r--lib/librte_cmdline/cmdline_parse_etheraddr.h4
-rw-r--r--lib/librte_cmdline/cmdline_parse_ipaddr.c6
-rw-r--r--lib/librte_cmdline/cmdline_parse_ipaddr.h4
-rw-r--r--lib/librte_cmdline/cmdline_parse_num.c38
-rw-r--r--lib/librte_cmdline/cmdline_parse_num.h4
-rw-r--r--lib/librte_cmdline/cmdline_parse_portlist.c5
-rw-r--r--lib/librte_cmdline/cmdline_parse_portlist.h4
-rw-r--r--lib/librte_cmdline/cmdline_parse_string.c6
-rw-r--r--lib/librte_cmdline/cmdline_parse_string.h2
12 files changed, 95 insertions, 29 deletions
diff --git a/lib/librte_cmdline/cmdline_parse.c b/lib/librte_cmdline/cmdline_parse.c
index 940480d..dfc885c 100644
--- a/lib/librte_cmdline/cmdline_parse.c
+++ b/lib/librte_cmdline/cmdline_parse.c
@@ -138,7 +138,7 @@ nb_common_chars(const char * s1, const char * s2)
*/
static int
match_inst(cmdline_parse_inst_t *inst, const char *buf,
- unsigned int nb_match_token, void * result_buf)
+ unsigned int nb_match_token, void *resbuf, unsigned resbuf_size)
{
unsigned int token_num=0;
cmdline_parse_token_hdr_t * token_p;
@@ -162,12 +162,23 @@ match_inst(cmdline_parse_inst_t *inst, const char *buf,
if ( isendofline(*buf) || iscomment(*buf) )
break;
- if (result_buf)
- n = token_hdr.ops->parse(token_p, buf,
- (char *)result_buf +
- token_hdr.offset);
- else
- n = token_hdr.ops->parse(token_p, buf, NULL);
+ if (resbuf == NULL) {
+ n = token_hdr.ops->parse(token_p, buf, NULL, 0);
+ } else {
+ unsigned rb_sz;
+
+ if (token_hdr.offset > resbuf_size) {
+ printf("Parse error(%s:%d): Token offset(%u) "
+ "exceeds maximum size(%u)\n",
+ __FILE__, __LINE__,
+ token_hdr.offset, resbuf_size);
+ return -ENOBUFS;
+ }
+ rb_sz = resbuf_size - token_hdr.offset;
+
+ n = token_hdr.ops->parse(token_p, buf, (char *)resbuf +
+ token_hdr.offset, rb_sz);
+ }
if (n < 0)
break;
@@ -219,7 +230,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
unsigned int inst_num=0;
cmdline_parse_inst_t *inst;
const char *curbuf;
- char result_buf[BUFSIZ];
+ char result_buf[CMDLINE_PARSE_RESULT_BUFSIZE];
void (*f)(void *, struct cmdline *, void *) = NULL;
void *data = NULL;
int comment = 0;
@@ -280,7 +291,7 @@ cmdline_parse(struct cmdline *cl, const char * buf)
debug_printf("INST %d\n", inst_num);
/* fully parsed */
- tok = match_inst(inst, buf, 0, result_buf);
+ tok = match_inst(inst, buf, 0, result_buf, sizeof(result_buf));
if (tok > 0) /* we matched at least one token */
err = CMDLINE_PARSE_BAD_ARGS;
@@ -377,10 +388,10 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,
inst = ctx[inst_num];
while (inst) {
/* parse the first tokens of the inst */
- if (nb_token && match_inst(inst, buf, nb_token, NULL))
+ if (nb_token && match_inst(inst, buf, nb_token, NULL, 0))
goto next;
- debug_printf("instruction match \n");
+ debug_printf("instruction match\n");
token_p = inst->tokens[nb_token];
if (token_p)
memcpy(&token_hdr, token_p, sizeof(token_hdr));
@@ -471,7 +482,7 @@ cmdline_complete(struct cmdline *cl, const char *buf, int *state,
/* we need to redo it */
inst = ctx[inst_num];
- if (nb_token && match_inst(inst, buf, nb_token, NULL))
+ if (nb_token && match_inst(inst, buf, nb_token, NULL, 0))
goto next2;
token_p = inst->tokens[nb_token];
diff --git a/lib/librte_cmdline/cmdline_parse.h b/lib/librte_cmdline/cmdline_parse.h
index f18836d..4b25c45 100644
--- a/lib/librte_cmdline/cmdline_parse.h
+++ b/lib/librte_cmdline/cmdline_parse.h
@@ -80,6 +80,9 @@ extern "C" {
#define CMDLINE_PARSE_COMPLETE_AGAIN 1
#define CMDLINE_PARSE_COMPLETED_BUFFER 2
+/* maximum buffer size for parsed result */
+#define CMDLINE_PARSE_RESULT_BUFSIZE 8192
+
/**
* Stores a pointer to the ops struct, and the offset: the place to
* write the parsed result in the destination structure.
@@ -110,12 +113,14 @@ typedef struct cmdline_token_hdr cmdline_parse_token_hdr_t;
* -1 on error and 0 on success.
*/
struct cmdline_token_ops {
- /** parse(token ptr, buf, res pts) */
- int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *);
+ /** parse(token ptr, buf, res pts, buf len) */
+ int (*parse)(cmdline_parse_token_hdr_t *, const char *, void *,
+ unsigned int);
/** return the num of possible choices for this token */
int (*complete_get_nb)(cmdline_parse_token_hdr_t *);
/** return the elt x for this token (token, idx, dstbuf, size) */
- int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *, unsigned int);
+ int (*complete_get_elt)(cmdline_parse_token_hdr_t *, int, char *,
+ unsigned int);
/** get help for this token (token, dstbuf, size) */
int (*get_help)(cmdline_parse_token_hdr_t *, char *, unsigned int);
};
diff --git a/lib/librte_cmdline/cmdline_parse_etheraddr.c b/lib/librte_cmdline/cmdline_parse_etheraddr.c
index 5285c40..64ae86c 100644
--- a/lib/librte_cmdline/cmdline_parse_etheraddr.c
+++ b/lib/librte_cmdline/cmdline_parse_etheraddr.c
@@ -137,12 +137,15 @@ my_ether_aton(const char *a)
int
cmdline_parse_etheraddr(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
- const char *buf, void *res)
+ const char *buf, void *res, unsigned ressize)
{
unsigned int token_len = 0;
char ether_str[ETHER_ADDRSTRLENLONG+1];
struct ether_addr *tmp;
+ if (res && ressize < sizeof(struct ether_addr))
+ return -1;
+
if (!buf || ! *buf)
return -1;
diff --git a/lib/librte_cmdline/cmdline_parse_etheraddr.h b/lib/librte_cmdline/cmdline_parse_etheraddr.h
index 4427e40..0085bb3 100644
--- a/lib/librte_cmdline/cmdline_parse_etheraddr.h
+++ b/lib/librte_cmdline/cmdline_parse_etheraddr.h
@@ -73,9 +73,9 @@ typedef struct cmdline_token_etheraddr cmdline_parse_token_etheraddr_t;
extern struct cmdline_token_ops cmdline_token_etheraddr_ops;
int cmdline_parse_etheraddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
- void *res);
+ void *res, unsigned ressize);
int cmdline_get_help_etheraddr(cmdline_parse_token_hdr_t *tk, char *dstbuf,
- unsigned int size);
+ unsigned int size);
#define TOKEN_ETHERADDR_INITIALIZER(structure, field) \
{ \
diff --git a/lib/librte_cmdline/cmdline_parse_ipaddr.c b/lib/librte_cmdline/cmdline_parse_ipaddr.c
index ac83514..7f33599 100644
--- a/lib/librte_cmdline/cmdline_parse_ipaddr.c
+++ b/lib/librte_cmdline/cmdline_parse_ipaddr.c
@@ -306,7 +306,8 @@ inet_pton6(const char *src, unsigned char *dst)
}
int
-cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+ unsigned ressize)
{
struct cmdline_token_ipaddr *tk2;
unsigned int token_len = 0;
@@ -315,6 +316,9 @@ cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
char *prefix, *prefix_end;
long prefixlen = 0;
+ if (res && ressize < sizeof(cmdline_ipaddr_t))
+ return -1;
+
if (!buf || !tk || ! *buf)
return -1;
diff --git a/lib/librte_cmdline/cmdline_parse_ipaddr.h b/lib/librte_cmdline/cmdline_parse_ipaddr.h
index 0e2f490..296c374 100644
--- a/lib/librte_cmdline/cmdline_parse_ipaddr.h
+++ b/lib/librte_cmdline/cmdline_parse_ipaddr.h
@@ -92,9 +92,9 @@ typedef struct cmdline_token_ipaddr cmdline_parse_token_ipaddr_t;
extern struct cmdline_token_ops cmdline_token_ipaddr_ops;
int cmdline_parse_ipaddr(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
- void *res);
+ void *res, unsigned ressize);
int cmdline_get_help_ipaddr(cmdline_parse_token_hdr_t *tk, char *dstbuf,
- unsigned int size);
+ unsigned int size);
#define TOKEN_IPADDR_INITIALIZER(structure, field) \
{ \
diff --git a/lib/librte_cmdline/cmdline_parse_num.c b/lib/librte_cmdline/cmdline_parse_num.c
index 0b9e4d0..d8cf37f 100644
--- a/lib/librte_cmdline/cmdline_parse_num.c
+++ b/lib/librte_cmdline/cmdline_parse_num.c
@@ -119,10 +119,40 @@ add_to_res(unsigned int c, uint64_t *res, unsigned int base)
return 0;
}
+static int
+check_res_size(struct cmdline_token_num_data *nd, unsigned ressize)
+{
+ switch (nd->type) {
+ case INT8:
+ case UINT8:
+ if (ressize < sizeof(int8_t))
+ return -1;
+ break;
+ case INT16:
+ case UINT16:
+ if (ressize < sizeof(int16_t))
+ return -1;
+ break;
+ case INT32:
+ case UINT32:
+ if (ressize < sizeof(int32_t))
+ return -1;
+ break;
+ case INT64:
+ case UINT64:
+ if (ressize < sizeof(int64_t))
+ return -1;
+ break;
+ default:
+ return -1;
+ }
+ return 0;
+}
/* parse an int */
int
-cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res)
+cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res,
+ unsigned ressize)
{
struct cmdline_token_num_data nd;
enum num_parse_state_t st = START;
@@ -141,6 +171,12 @@ cmdline_parse_num(cmdline_parse_token_hdr_t *tk, const char *srcbuf, void *res)
memcpy(&nd, &((struct cmdline_token_num *)tk)->num_data, sizeof(nd));
+ /* check that we have enough room in res */
+ if (res) {
+ if (check_res_size(&nd, ressize) < 0)
+ return -1;
+ }
+
while ( st != ERROR && c && ! cmdline_isendoftoken(c) ) {
debug_printf("%c %x -> ", c, c);
switch (st) {
diff --git a/lib/librte_cmdline/cmdline_parse_num.h b/lib/librte_cmdline/cmdline_parse_num.h
index 77f2f9b..5376806 100644
--- a/lib/librte_cmdline/cmdline_parse_num.h
+++ b/lib/librte_cmdline/cmdline_parse_num.h
@@ -89,9 +89,9 @@ typedef struct cmdline_token_num cmdline_parse_token_num_t;
extern struct cmdline_token_ops cmdline_token_num_ops;
int cmdline_parse_num(cmdline_parse_token_hdr_t *tk,
- const char *srcbuf, void *res);
+ const char *srcbuf, void *res, unsigned ressize);
int cmdline_get_help_num(cmdline_parse_token_hdr_t *tk,
- char *dstbuf, unsigned int size);
+ char *dstbuf, unsigned int size);
#define TOKEN_NUM_INITIALIZER(structure, field, numtype) \
{ \
diff --git a/lib/librte_cmdline/cmdline_parse_portlist.c b/lib/librte_cmdline/cmdline_parse_portlist.c
index 7eac05c..834f2e6 100644
--- a/lib/librte_cmdline/cmdline_parse_portlist.c
+++ b/lib/librte_cmdline/cmdline_parse_portlist.c
@@ -127,7 +127,7 @@ parse_ports(cmdline_portlist_t * pl, const char * str)
int
cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
- const char *buf, void *res)
+ const char *buf, void *res, unsigned ressize)
{
unsigned int token_len = 0;
char portlist_str[PORTLIST_TOKEN_SIZE+1];
@@ -136,6 +136,9 @@ cmdline_parse_portlist(__attribute__((unused)) cmdline_parse_token_hdr_t *tk,
if (!buf || ! *buf)
return (-1);
+ if (res && ressize < PORTLIST_TOKEN_SIZE)
+ return -1;
+
pl = res;
while (!cmdline_isendoftoken(buf[token_len]) &&
diff --git a/lib/librte_cmdline/cmdline_parse_portlist.h b/lib/librte_cmdline/cmdline_parse_portlist.h
index 6fdc406..8505059 100644
--- a/lib/librte_cmdline/cmdline_parse_portlist.h
+++ b/lib/librte_cmdline/cmdline_parse_portlist.h
@@ -81,9 +81,9 @@ typedef struct cmdline_token_portlist cmdline_parse_token_portlist_t;
extern struct cmdline_token_ops cmdline_token_portlist_ops;
int cmdline_parse_portlist(cmdline_parse_token_hdr_t *tk,
- const char *srcbuf, void *res);
+ const char *srcbuf, void *res, unsigned ressize);
int cmdline_get_help_portlist(cmdline_parse_token_hdr_t *tk,
- char *dstbuf, unsigned int size);
+ char *dstbuf, unsigned int size);
#define TOKEN_PORTLIST_INITIALIZER(structure, field) \
{ \
diff --git a/lib/librte_cmdline/cmdline_parse_string.c b/lib/librte_cmdline/cmdline_parse_string.c
index b1bfe91..45883b3 100644
--- a/lib/librte_cmdline/cmdline_parse_string.c
+++ b/lib/librte_cmdline/cmdline_parse_string.c
@@ -105,13 +105,17 @@ get_next_token(const char *s)
}
int
-cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+ unsigned ressize)
{
struct cmdline_token_string *tk2;
struct cmdline_token_string_data *sd;
unsigned int token_len;
const char *str;
+ if (res && ressize < STR_TOKEN_SIZE)
+ return -1;
+
if (!tk || !buf || ! *buf)
return -1;
diff --git a/lib/librte_cmdline/cmdline_parse_string.h b/lib/librte_cmdline/cmdline_parse_string.h
index 52c916c..c205622 100644
--- a/lib/librte_cmdline/cmdline_parse_string.h
+++ b/lib/librte_cmdline/cmdline_parse_string.h
@@ -83,7 +83,7 @@ typedef struct cmdline_token_string cmdline_parse_token_string_t;
extern struct cmdline_token_ops cmdline_token_string_ops;
int cmdline_parse_string(cmdline_parse_token_hdr_t *tk, const char *srcbuf,
- void *res);
+ void *res, unsigned ressize);
int cmdline_complete_get_nb_string(cmdline_parse_token_hdr_t *tk);
int cmdline_complete_get_elt_string(cmdline_parse_token_hdr_t *tk, int idx,
char *dstbuf, unsigned int size);