The hexadecimal string parser does not check the target
field buffer size, buffer overflow happens and might
cause the application failure (segmentation fault
is observed usually).
Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API")
Cc: sta...@dpdk.org
Signed-off-by: Viacheslav Ovsiienko <viachesl...@nvidia.com>
Acked-by: Ori Kam <or...@nvidia.com>
---
app/test-pmd/cmdline_flow.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c
index 736029c4fd..6827d9228f 100644
--- a/app/test-pmd/cmdline_flow.c
+++ b/app/test-pmd/cmdline_flow.c
@@ -7291,10 +7291,13 @@ parse_hex(struct context *ctx, const struct token
*token,
hexlen -= 2;
}
if (hexlen > length)
- return -1;
+ goto error;
ret = parse_hex_string(str, hex_tmp, &hexlen);
if (ret < 0)
goto error;
+ /* Check the converted binary fits into data buffer. */
+ if (hexlen > size)
+ goto error;
/* Let parse_int() fill length information first. */
ret = snprintf(tmp, sizeof(tmp), "%u", hexlen);
if (ret < 0)
--
2.18.1
