[dpdk-stable] patch 'ipc: harden message receive' has been queued to LTS release 18.11.2

Kevin Traynor ktraynor at redhat.com
Wed May 8 18:02:09 CEST 2019

Previous message: [dpdk-stable] patch 'ipc: fix send error handling' has been queued to LTS release 18.11.2
Next message: [dpdk-stable] patch 'ipc: handle more invalid parameter cases' has been queued to LTS release 18.11.2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to LTS release 18.11.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/14/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/fdadfbdec8696c4fb632f0b3427c1c71a41b62fa

Thanks.

Kevin Traynor

---
>From fdadfbdec8696c4fb632f0b3427c1c71a41b62fa Mon Sep 17 00:00:00 2001
From: Anatoly Burakov <anatoly.burakov at intel.com>
Date: Mon, 29 Apr 2019 15:22:50 +0100
Subject: [PATCH] ipc: harden message receive

[ upstream commit 7b51d1b162914e37bcc511a11efcfbabb44b2eb3 ]

Currently, IPC does not check received messages for invalid data
and passes them to user code unchanged. This may result in buffer
overruns on reading message data. Fix this by checking the message
length and fd number on receive, and discard any messages that
are not valid.

Fixes: bacaa2754017 ("eal: add channel for multi-process communication")

Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
---
 lib/librte_eal/common/eal_common_proc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/librte_eal/common/eal_common_proc.c b/lib/librte_eal/common/eal_common_proc.c
index 8586474a2..6ffd47686 100644
--- a/lib/librte_eal/common/eal_common_proc.c
+++ b/lib/librte_eal/common/eal_common_proc.c
@@ -286,5 +286,13 @@ read_msg(struct mp_msg_internal *m, struct sockaddr_un *s)
 		}
 	}
-
+	/* sanity-check the response */
+	if (m->msg.num_fds < 0 || m->msg.num_fds > RTE_MP_MAX_FD_NUM) {
+		RTE_LOG(ERR, EAL, "invalid number of fd's received\n");
+		return -1;
+	}
+	if (m->msg.len_param < 0 || m->msg.len_param > RTE_MP_MAX_PARAM_LEN) {
+		RTE_LOG(ERR, EAL, "invalid received data length\n");
+		return -1;
+	}
 	return 0;
 }
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-05-08 16:33:58.092526158 +0100
+++ 0012-ipc-harden-message-receive.patch	2019-05-08 16:33:57.366579622 +0100
@@ -1 +1 @@
-From 7b51d1b162914e37bcc511a11efcfbabb44b2eb3 Mon Sep 17 00:00:00 2001
+From fdadfbdec8696c4fb632f0b3427c1c71a41b62fa Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 7b51d1b162914e37bcc511a11efcfbabb44b2eb3 ]
+
@@ -13 +14,0 @@
-Cc: stable at dpdk.org

Previous message: [dpdk-stable] patch 'ipc: fix send error handling' has been queued to LTS release 18.11.2
Next message: [dpdk-stable] patch 'ipc: handle more invalid parameter cases' has been queued to LTS release 18.11.2
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list