[dpdk-dev] [PATCH v3] net/virtio: fix of untrusted scalar value

Daniel Mrzyglod Fri, 22 Sep 2017 08:22:21 -0700

The unscrutinized value may be incorrectly assumed to be within a certain
range by later operations.


In vhost_user_read: An unscrutinized value from an untrusted source used
in a trusted context - the value of sz_payload may be harmfull and we need
limit them to the max value of payload.

Coverity issue: 139601

Fixes: 6a84c37e3975 ("net/virtio-user: add vhost-user adapter layer")
Cc: jianfeng....@intel.com
Cc: sta...@dpdk.org

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyg...@intel.com>
---
v3:
* there were wrong v2 email adress for stable dpdk mailinglist
* fix compilation errors

v2:
* Add Cc for stable in gitlog massage
* Add Coverity line
* v1 was acked by Acked-by: Jianfeng Tan <jianfeng....@intel.com>


 drivers/net/virtio/virtio_user/vhost_user.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/virtio/virtio_user/vhost_user.c 
b/drivers/net/virtio/virtio_user/vhost_user.c
index 4ad7b21..97bd832 100644
--- a/drivers/net/virtio/virtio_user/vhost_user.c
+++ b/drivers/net/virtio/virtio_user/vhost_user.c
@@ -130,6 +130,10 @@ vhost_user_read(int fd, struct vhost_user_msg *msg)
        }
 
        sz_payload = msg->size;
+
+       if ((size_t)sz_payload > sizeof(msg->payload))
+               goto fail;
+
        if (sz_payload) {
                ret = recv(fd, (void *)((char *)msg + sz_hdr), sz_payload, 0);
                if (ret < sz_payload) {
-- 
2.7.4

[dpdk-dev] [PATCH v3] net/virtio: fix of untrusted scalar value

Reply via email to