net/ring: check internal arguments

Add a check for the return value of the sscanf call in
parse_internal_args(), returning an error if we don't get the expected
result.

Coverity issue: 362049
Fixes: 96cb19521147 ("net/ring: use EAL APIs in PMD specific API")
Cc: stable@dpdk.org
Signed-off-by: Kevin Laatz <kevin.laatz@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

diff --git a/drivers/net/ring/rte_eth_ring.c b/drivers/net/ring/rte_eth_ring.c
index 83c550212316be21341b909a4014c4441c24c3b0..22c08026882994d2e17a46c911e1e3987eaf509b 100644 (file)
--- a/drivers/net/ring/rte_eth_ring.c
+++ b/drivers/net/ring/rte_eth_ring.c
@@ -16,6 +16,7 @@
 #define ETH_RING_ACTION_CREATE         "CREATE"
 #define ETH_RING_ACTION_ATTACH         "ATTACH"
 #define ETH_RING_INTERNAL_ARG          "internal"
+#define ETH_RING_INTERNAL_ARG_MAX_LEN  19 /* "0x..16chars..\0" */
 
 static const char *valid_arguments[] = {
        ETH_RING_NUMA_NODE_ACTION_ARG,
@@ -571,8 +572,21 @@ parse_internal_args(const char *key __rte_unused, const char *value,
 {
        struct ring_internal_args **internal_args = data;
        void *args;
+       int ret, n;
 
-       sscanf(value, "%p", &args);
+       /* make sure 'value' is valid pointer length */
+       if (strnlen(value, ETH_RING_INTERNAL_ARG_MAX_LEN) >=
+                       ETH_RING_INTERNAL_ARG_MAX_LEN) {
+               PMD_LOG(ERR, "Error parsing internal args, argument is too long");
+               return -1;
+       }
+
+       ret = sscanf(value, "%p%n", &args, &n);
+       if (ret == 0 || (size_t)n != strlen(value)) {
+               PMD_LOG(ERR, "Error parsing internal args");
+
+               return -1;
+       }
 
        *internal_args = args;