app/testpmd: fix hex string parser in flow commands

The hexadecimal string parser does not check the target
field buffer size, buffer overflow happens and might
cause the application failure (segmentation fault
is observed usually).

Fixes: 169a9fed1f4c ("app/testpmd: fix hex string parser support for flow API")
Cc: stable@dpdk.org
Signed-off-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
Acked-by: Ori Kam <orika@nvidia.com>

diff --git a/app/test-pmd/cmdline_flow.c b/app/test-pmd/cmdline_flow.c
index 6d9e3d5..a90822b 100644 (file)
--- a/app/test-pmd/cmdline_flow.c
+++ b/app/test-pmd/cmdline_flow.c
@@ -7381,10 +7381,13 @@ parse_hex(struct context *ctx, const struct token *token,
                hexlen -= 2;
        }
        if (hexlen > length)
-               return -1;
+               goto error;
        ret = parse_hex_string(str, hex_tmp, &hexlen);
        if (ret < 0)
                goto error;
+       /* Check the converted binary fits into data buffer. */
+       if (hexlen > size)
+               goto error;
        /* Let parse_int() fill length information first. */
        ret = snprintf(tmp, sizeof(tmp), "%u", hexlen);
        if (ret < 0)