Fix name-array out-of-memory 78/73478/2
authorLong Wu <long.wu@corigine.com>
Thu, 8 Sep 2022 05:59:50 +0000 (01:59 -0400)
committerPatrice Buriez <patrice.buriez@chenapan.org>
Fri, 30 Dec 2022 08:38:40 +0000 (08:38 +0000)
The "names" buffer in "struct prox_port_cfg" is 64 bytes, which leads to
out-of-memory when doing the "snprintf" operation. Modify the code to enlarge
the buffer size to 128.

Fixes: 9a1e1e9336b3 ("Added support for multiple vlans in ipv4 vdev mode")
Cc: xavier.simonart@intel.com
Signed-off-by: Long Wu <long.wu@corigine.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund@corigine.com>
Change-Id: Iafbde578688e1a59f4b6e655e45b2d2951f36162

VNFs/DPPD-PROX/prox_globals.h
VNFs/DPPD-PROX/prox_port_cfg.c
VNFs/DPPD-PROX/prox_port_cfg.h

index b09f3a5..7463ded 100644 (file)
@@ -18,6 +18,7 @@
 #define MAX_TASKS_PER_CORE      8
 #define MAX_SOCKETS             64
 #define MAX_NAME_SIZE           64
+#define MAX_NAME_BUFFER_SIZE    128
 #define MAX_PROTOCOLS           3
 #define MAX_RINGS_PER_TASK      (MAX_WT_PER_LB*MAX_PROTOCOLS)
 #define MAX_WT_PER_LB           64
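Review bot: The new MAX_NAME_BUFFER_SIZE sits next to MAX_NAME_SIZE with nothing saying which one a buffer should use or why 128 is enough. A comment such as `/* holds strings derived from a MAX_NAME_SIZE name plus a prefix or suffix, e.g. "<vdev>_<vlan id>" */` would record the intent. Defining it as `(2 * MAX_NAME_SIZE)` would also keep the two constants in step if MAX_NAME_SIZE ever changes.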
index add05a5..bf7c4cb 100644 (file)
@@ -227,10 +227,10 @@ void init_rte_dev(int use_dummy_devices)
                }
 
                if (port_cfg->vdev[0]) {
-                       char name[MAX_NAME_SIZE], tap[MAX_NAME_SIZE];
+                       char name[MAX_NAME_BUFFER_SIZE], tap[MAX_NAME_SIZE];
                        snprintf(tap, MAX_NAME_SIZE, "net_tap%d", port_id);
 #if (RTE_VERSION > RTE_VERSION_NUM(17,5,0,1))
-                       snprintf(name, MAX_NAME_SIZE, "iface=%s", port_cfg->vdev);
+                       snprintf(name, MAX_NAME_BUFFER_SIZE, "iface=%s", port_cfg->vdev);
                        rc = rte_vdev_init(tap, name);
 #else
                        PROX_PANIC(1, "vdev not supported in DPDK < 17.05\n");
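Review bot: The bound passed to the changed snprintf is the macro repeated by hand rather than the array's own size, so a later edit to either one can leave the bound larger than `name`. Writing `snprintf(name, sizeof(name), "iface=%s", port_cfg->vdev);` ties them together, and the same applies to `tap` on the line above. The return value is also discarded, so a truncated devargs string would be handed to rte_vdev_init without notice. init_rte_dev starts and ends outside this hunk.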
@@ -248,7 +248,7 @@ void init_rte_dev(int use_dummy_devices)
                        for (uint32_t tag_id = 0; tag_id < prox_port_cfg[port_id].n_vlans; tag_id++) {
                                prox_port_cfg[vdev_port_id].vlan_tags[tag_id] = prox_port_cfg[port_id].vlan_tags[tag_id];
                                char command[1024];
-                               snprintf(prox_port_cfg[vdev_port_id].names[tag_id], MAX_NAME_SIZE, "%s_%d", port_cfg->vdev, prox_port_cfg[port_id].vlan_tags[tag_id]);
+                               snprintf(prox_port_cfg[vdev_port_id].names[tag_id], MAX_NAME_BUFFER_SIZE, "%s_%d", port_cfg->vdev, prox_port_cfg[port_id].vlan_tags[tag_id]);
                                sprintf(command, "ip link add link %s name %s type vlan id %d", port_cfg->vdev, prox_port_cfg[vdev_port_id].names[tag_id], prox_port_cfg[port_id].vlan_tags[tag_id]);
                                system(command);
                                plog_info("\tRunning %s\n", command);
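Review bot: The name written by the changed snprintf is never checked for truncation, and on the next line it is pasted together with port_cfg->vdev into a string executed by system(), whose result is ignored. vdev appears to come from the configuration file, so any shell metacharacter in it would be interpreted by the shell; unless it is validated where the config is parsed (not visible here), restrict it to interface-name characters before this loop or run `ip` with an explicit argv instead of a shell. Linux also caps interface names at IFNAMSIZ - 1 characters, so the 128-byte buffer allows names that `ip link add` will reject, which only shows up if the exit status is checked. At minimum, build the command with `snprintf(command, sizeof(command), ...)` and compare the name snprintf's return value with `sizeof(prox_port_cfg[vdev_port_id].names[tag_id])`. The loop continues outside the hunk.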
index 958597b..82d58f7 100644 (file)
@@ -61,7 +61,7 @@ struct prox_port_cfg {
        uint32_t  mtu;
        enum addr_type    type;
        prox_rte_ether_addr eth_addr;    /* port MAC address */
-       char names[PROX_MAX_VLAN_TAGS][MAX_NAME_SIZE];
+       char names[PROX_MAX_VLAN_TAGS][MAX_NAME_BUFFER_SIZE];
        char vdev[MAX_NAME_SIZE];
        char short_name[MAX_NAME_SIZE];
        char driver_name[MAX_NAME_SIZE];
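Review bot: `names` is now the only name field in this struct sized with MAX_NAME_BUFFER_SIZE, so any code outside this diff that copies or prints `names[i]` with a MAX_NAME_SIZE bound, or into a MAX_NAME_SIZE buffer, will truncate the longer strings. Only the writers in prox_port_cfg.c are visible here, so the other readers should be checked. A field comment like `/* "<vdev>_<vlan id>", hence the larger buffer */` would explain the difference. The struct definition starts and ends outside the hunk.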