Fix potential buffer overflows caused by copying strings into fixed-size buffers.
Coverity issue: 362732, 362736, 362760, 362772, 362775, 362784
Coverity issue: 362800, 362803, 362806, 362811, 362814, 362816
Coverity issue: 362834, 362837, 362844, 362845, 362857, 362861
Coverity issue: 362868, 362890, 362893, 362904, 362905
Fixes:
56492fd536 ("pipeline: add new SWX pipeline type")
Fixes:
1e4c88caea ("pipeline: add SWX extern objects and funcs")
Fixes:
e9d870dd93 ("pipeline: add SWX pipeline tables")
Fixes:
a1711f948d ("pipeline: add SWX Rx and extract instructions")
Signed-off-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
} while (0)
#define CHECK_NAME(name, err_code) \
} while (0)
#define CHECK_NAME(name, err_code) \
- CHECK((name) && (name)[0], err_code)
+ CHECK((name) && \
+ (name)[0] && \
+ (strnlen((name), RTE_SWX_NAME_SIZE) < RTE_SWX_NAME_SIZE), \
+ err_code)
+
+#define CHECK_INSTRUCTION(instr, err_code) \
+ CHECK((instr) && \
+ (instr)[0] && \
+ (strnlen((instr), RTE_SWX_INSTRUCTION_SIZE) < \
+ RTE_SWX_INSTRUCTION_SIZE), \
+ err_code)
#ifndef TRACE_LEVEL
#define TRACE_LEVEL 0
#ifndef TRACE_LEVEL
#define TRACE_LEVEL 0
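Review bot: CHECK_NAME and the new CHECK_INSTRUCTION expand their first argument three times and carry no comment stating what they guarantee, although the fixed-size copies this commit protects depend on that guarantee. The call sites visible here pass plain identifiers or `instructions[i]`, so the repeated evaluation is a latent hazard rather than a live bug. I would put a comment above each macro, for example `/* Rejects a NULL, empty or too-long string (one that does not fit, NUL included, in RTE_SWX_NAME_SIZE bytes); the argument is evaluated more than once. */`. NULL, empty and too-long all map to the same `err_code`, so a caller cannot tell an oversized name from a missing one; if that is intentional it belongs in the same comment.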
- CHECK(extern_type_name, EINVAL);
+ CHECK_NAME(extern_type_name, EINVAL);
type = extern_type_find(p, extern_type_name);
CHECK(type, EINVAL);
CHECK(type->n_funcs < RTE_SWX_EXTERN_TYPE_MEMBER_FUNCS_MAX, ENOSPC);
type = extern_type_find(p, extern_type_name);
CHECK(type, EINVAL);
CHECK(type->n_funcs < RTE_SWX_EXTERN_TYPE_MEMBER_FUNCS_MAX, ENOSPC);
+ CHECK_NAME(name, EINVAL);
CHECK(!extern_type_member_func_find(type, name), EEXIST);
CHECK(member_func, EINVAL);
CHECK(!extern_type_member_func_find(type, name), EEXIST);
CHECK(member_func, EINVAL);
-#define RTE_SWX_INSTRUCTION_TOKENS_MAX 16
-
static int
instr_translate(struct rte_swx_pipeline *p,
struct action *action,
static int
instr_translate(struct rte_swx_pipeline *p,
struct action *action,
break;
CHECK(n_tokens < RTE_SWX_INSTRUCTION_TOKENS_MAX, EINVAL);
break;
CHECK(n_tokens < RTE_SWX_INSTRUCTION_TOKENS_MAX, EINVAL);
+ CHECK_NAME(token, EINVAL);
tokens[n_tokens] = token;
n_tokens++;
tokens[n_tokens] = token;
n_tokens++;
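Review bot: `CHECK_NAME(token, EINVAL)` applies the object-name limit to every instruction token, and the same bound is open-coded in the spec-parser hunk that reports "Token too big.". Whether every token is a single name is not visible on this page; if an operand can be a compound reference or a long immediate, a token of RTE_SWX_NAME_SIZE characters or more is rejected even where no fixed-size copy is involved. If the limit is intended, state the reason at both checks, for example `/* Tokens are later copied into RTE_SWX_NAME_SIZE buffers, so bound each one here. */` (to be confirmed against the copy sites); otherwise give tokens their own limit. The body of instr_translate starts and ends outside this hunk.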
CHECK(n_instructions, EINVAL);
CHECK(instructions, EINVAL);
for (i = 0; i < n_instructions; i++)
CHECK(n_instructions, EINVAL);
CHECK(instructions, EINVAL);
for (i = 0; i < n_instructions; i++)
- CHECK(instructions[i], EINVAL);
+ CHECK_INSTRUCTION(instructions[i], EINVAL);
/* Memory allocation. */
instr = calloc(n_instructions, sizeof(struct instruction));
/* Memory allocation. */
instr = calloc(n_instructions, sizeof(struct instruction));
struct action *a;
uint32_t action_data_size;
struct action *a;
uint32_t action_data_size;
- CHECK(action_name, EINVAL);
+ CHECK_NAME(action_name, EINVAL);
a = action_find(p, action_name);
CHECK(a, EINVAL);
a = action_find(p, action_name);
CHECK(a, EINVAL);
action_data_size_max = action_data_size;
}
action_data_size_max = action_data_size;
}
- CHECK(params->default_action_name, EINVAL);
+ CHECK_NAME(params->default_action_name, EINVAL);
for (i = 0; i < p->n_actions; i++)
if (!strcmp(params->action_names[i],
params->default_action_name))
for (i = 0; i < p->n_actions; i++)
if (!strcmp(params->action_names[i],
params->default_action_name))
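Review bot: The context loop right after the new `CHECK_NAME(params->default_action_name, EINVAL)` indexes `params->action_names[i]` under the bound `i < p->n_actions`, mixing the pipeline's action count with the caller-supplied array. If `params->action_names` holds only `params->n_actions` entries, which is not shown here, the `strcmp` can read past the end of that array whenever the default action name is not matched early. The bound I would expect is `for (i = 0; i < params->n_actions; i++)`. The rest of the loop and the check that follows it lie outside the hunk, so this needs confirming against the full function.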
!params->default_action_data, EINVAL);
/* Table type checks. */
!params->default_action_data, EINVAL);
/* Table type checks. */
+ if (recommended_table_type_name)
+ CHECK_NAME(recommended_table_type_name, EINVAL);
+
if (params->n_fields) {
enum rte_swx_table_match_type match_type;
if (params->n_fields) {
enum rte_swx_table_match_type match_type;
#ifndef RTE_SWX_NAME_SIZE
#define RTE_SWX_NAME_SIZE 64
#endif
#ifndef RTE_SWX_NAME_SIZE
#define RTE_SWX_NAME_SIZE 64
#endif
+
+/** Instruction size. */
+#ifndef RTE_SWX_INSTRUCTION_SIZE
+#define RTE_SWX_INSTRUCTION_SIZE 256
+#endif
+
+/** Instruction tokens. */
+#ifndef RTE_SWX_INSTRUCTION_TOKENS_MAX
+#define RTE_SWX_INSTRUCTION_TOKENS_MAX 16
+#endif
+
/*
* Pipeline setup and operation
*/
/*
* Pipeline setup and operation
*/
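Review bot: The doc comments `/** Instruction size. */` and `/** Instruction tokens. */` state neither the unit nor whether the terminating NUL is counted. The checks added in this commit test `strnlen(...) < RTE_SWX_INSTRUCTION_SIZE`, so the longest accepted instruction is one byte shorter than the macro value. I would write `/** Maximum instruction string size in bytes, including the terminating NUL. */` and `/** Maximum number of tokens in one instruction. */`. Both macros are wrapped in `#ifndef`, so a build that overrides them for the application but not for the library would size buffers and length checks differently; a sentence saying the values must be consistent across the whole build would help.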
#include "rte_swx_pipeline.h"
#include "rte_swx_ctl.h"
#include "rte_swx_pipeline.h"
#include "rte_swx_ctl.h"
-#define MAX_LINE_LENGTH 256
-#define MAX_TOKENS 16
-#define MAX_INSTRUCTION_LENGTH 256
+#define MAX_LINE_LENGTH RTE_SWX_INSTRUCTION_SIZE
+#define MAX_TOKENS RTE_SWX_INSTRUCTION_TOKENS_MAX
#define STRUCT_BLOCK 0
#define ACTION_BLOCK 1
#define STRUCT_BLOCK 0
#define ACTION_BLOCK 1
uint32_t *err_line,
const char **err_msg)
{
uint32_t *err_line,
const char **err_msg)
{
- char buffer[MAX_INSTRUCTION_LENGTH], *instr;
+ char buffer[RTE_SWX_INSTRUCTION_SIZE], *instr;
const char **new_instructions;
uint32_t i;
const char **new_instructions;
uint32_t i;
uint32_t *err_line,
const char **err_msg)
{
uint32_t *err_line,
const char **err_msg)
{
- char buffer[MAX_INSTRUCTION_LENGTH], *instr;
+ char buffer[RTE_SWX_INSTRUCTION_SIZE], *instr;
const char **new_instructions;
uint32_t i;
const char **new_instructions;
uint32_t i;
+ /* Handle excessively long tokens. */
+ if (strnlen(token, RTE_SWX_NAME_SIZE) >=
+ RTE_SWX_NAME_SIZE) {
+ if (err_line)
+ *err_line = n_lines;
+ if (err_msg)
+ *err_msg = "Token too big.";
+ status = -EINVAL;
+ goto error;
+ }
+
/* Save token. */
tokens[n_tokens] = token;
n_tokens++;
/* Save token. */
tokens[n_tokens] = token;
n_tokens++;