From patchwork Wed Jan 2 13:13:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Honggang LI X-Patchwork-Id: 10746365 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 15BE11399 for ; Wed, 2 Jan 2019 13:15:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 03F3628848 for ; Wed, 2 Jan 2019 13:15:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E89CB28857; Wed, 2 Jan 2019 13:15:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 79D9728848 for ; Wed, 2 Jan 2019 13:15:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729901AbfABNPG (ORCPT ); Wed, 2 Jan 2019 08:15:06 -0500 Received: from mx1.redhat.com ([209.132.183.28]:53890 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728111AbfABNPG (ORCPT ); Wed, 2 Jan 2019 08:15:06 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B8EA052748; Wed, 2 Jan 2019 13:15:05 +0000 (UTC) Received: from localhost (ovpn-12-97.pek2.redhat.com [10.72.12.97]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 64E0D60C66; Wed, 2 Jan 2019 13:15:02 +0000 (UTC) From: Honggang Li To: hal@dev.mellanox.co.il Cc: linux-rdma@vger.kernel.org, Honggang Li Subject: [ibsim patch 22/23] sim_cmd.c: Fix out of bound memory access in do_cmd Date: Wed, 2 Jan 2019 21:13:17 +0800 Message-Id: <20190102131318.5765-22-honli@redhat.com> In-Reply-To: <20190102131318.5765-1-honli@redhat.com> References: <20190102131318.5765-1-honli@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 02 Jan 2019 13:15:05 +0000 (UTC) Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP ==6662== 287 errors in context 1 of 1: ==6662== Use of uninitialised value of size 8 ==6662== at 0x4108EA: do_cmd (sim_cmd.c:1199) ==6662== by 0x412976: sim_run_console (ibsim.c:563) ==6662== by 0x412D24: sim_run (ibsim.c:604) ==6662== by 0x41352E: main (ibsim.c:783) ==6662== Uninitialised value was created by a stack allocation ==6662== at 0x4128EF: sim_run_console (ibsim.c:552) Signed-off-by: Honggang Li --- ibsim/sim_cmd.c | 59 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 33 insertions(+), 26 deletions(-) diff --git a/ibsim/sim_cmd.c b/ibsim/sim_cmd.c index 325292103caa..fe3e3067882d 100644 --- a/ibsim/sim_cmd.c +++ b/ibsim/sim_cmd.c @@ -1188,69 +1188,76 @@ int sim_cmd_file(FILE * f, char *s) int netstarted; +static int match_command(char * line, char *cmd, unsigned int cmd_len) +{ + if (cmd_len != strlen(cmd)) + return 0; + return !(strncasecmp(line, cmd, strlen(cmd))); +} + int do_cmd(char *buf, FILE *f) { unsigned int cmd_len = 0; char *line; int r = 0; + unsigned int max_cmd_len, i; for (line = buf; *line && isspace(*line); line++) ; - while (!isspace(line[cmd_len])) - cmd_len++; + max_cmd_len = strlen(line); + for (i=0; i