Re: [PATCH] event/octeontx: resolve possible integer overflow

Fri, 18 Oct 2024 10:36:01 -0700 

On Fri, 18 Oct 2024 13:29:03 +0530
Hanumanth Pothula <hpoth...@marvell.com> wrote:

> The last argument passed to ssovf_parsekv() is an
> unsigned char*, but it is accessed as an integer.
> This can lead to an integer overflow.
> 
> Hence, make ensure the argument is accessed as a char
> and for better error handling use strtol instead of atoi.
> 
> Signed-off-by: Hanumanth Pothula <hpoth...@marvell.com>
> ---
>  drivers/event/octeontx/ssovf_evdev.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/event/octeontx/ssovf_evdev.c 
> b/drivers/event/octeontx/ssovf_evdev.c
> index 3a933b1db7..ccb447d33a 100644
> --- a/drivers/event/octeontx/ssovf_evdev.c
> +++ b/drivers/event/octeontx/ssovf_evdev.c
> @@ -719,8 +719,16 @@ ssovf_close(struct rte_eventdev *dev)
>  static int
>  ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
>  {
> -     int *flag = opaque;
> -     *flag = !!atoi(value);
> +     uint8_t *flag = (uint8_t *)opaque;
> +     char *end;
> +
> +     errno = 0;
> +     *flag = (uint8_t)strtol(value, &end, 2);
> +     if ((errno != 0) || (value == end)) {
> +             ssovf_log_err("fail to get key val ret:%d err:%d", *flag, 
> errno);
> +             return -EINVAL;
> +     }
> +
>       return 0;
>  }

Cast of opaque is unnecessary in C.
Use strtoul to avoid allowing negative numbers.
Passing 2 as argument makes it assume binary so 101 is legal value and returns 5
and it is not helping.


Why not:

diff --git a/drivers/event/octeontx/ssovf_evdev.c 
b/drivers/event/octeontx/ssovf_evdev.c
index 3a933b1db7..9804f5bc59 100644
--- a/drivers/event/octeontx/ssovf_evdev.c
+++ b/drivers/event/octeontx/ssovf_evdev.c
@@ -717,10 +717,20 @@ ssovf_close(struct rte_eventdev *dev)
 }
 
 static int
-ssovf_parsekv(const char *key __rte_unused, const char *value, void *opaque)
+ssovf_parsekv(const char *key, const char *value, void *opaque)
 {
-       int *flag = opaque;
-       *flag = !!atoi(value);
+       uint8_t *flag = opaque;
+       unsigned long v;
+       char *end;
+
+       errno = 0;
+       v = strtoul(value, &end, 0);
+       if (errno != 0 || end == value || *end != '\0') {
+               ssvf_log_err("invalid %s value %s", key, value);
+               return -EINVAL;
+       }
+
+       *flag = !!v;
        return 0;
 }

Reply via email to