On Fri, Sep 22, 2017 at 05:21:49PM +0200, Daniel Mrzyglod wrote:
> The unscrutinized value may be incorrectly assumed to be within a certain
> range by later operations.
>
> In vhost_user_read: An unscrutinized value from an untrusted source used
> in a trusted context - the value of sz_payload may be harmfull and we need
> limit them to the max value of payload.
>
> Coverity issue: 139601
>
> Fixes: 6a84c37e3975 ("net/virtio-user: add vhost-user adapter layer")
> Cc: jianfeng....@intel.com
> Cc: sta...@dpdk.org
>
> Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyg...@intel.com>
FYI, you should put the Ack from Jianfeng here, so that it will be
there when I apply your patch. Otherwise, I have to add it back manually.
But never mind, I have done it this time. So, applied to dpdk-next-virtio.
Thanks.
--yliu
> ---
> v3:
> * there were wrong v2 email adress for stable dpdk mailinglist
> * fix compilation errors
>
> v2:
> * Add Cc for stable in gitlog massage
> * Add Coverity line
> * v1 was acked by Acked-by: Jianfeng Tan <jianfeng....@intel.com>
>
>
> drivers/net/virtio/virtio_user/vhost_user.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/net/virtio/virtio_user/vhost_user.c
> b/drivers/net/virtio/virtio_user/vhost_user.c
> index 4ad7b21..97bd832 100644
> --- a/drivers/net/virtio/virtio_user/vhost_user.c
> +++ b/drivers/net/virtio/virtio_user/vhost_user.c
> @@ -130,6 +130,10 @@ vhost_user_read(int fd, struct vhost_user_msg *msg)
> }
>
> sz_payload = msg->size;
> +
> + if ((size_t)sz_payload > sizeof(msg->payload))
> + goto fail;
> +
> if (sz_payload) {
> ret = recv(fd, (void *)((char *)msg + sz_hdr), sz_payload, 0);
> if (ret < sz_payload) {
> --
> 2.7.4
