This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "".
The branch, master has been updated via b007f9d72b085005ba7b19355885c7f0096899e2 (commit) from b6a5e7039cc23e4547b11b78a12ba7f9efe6ae93 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit b007f9d72b085005ba7b19355885c7f0096899e2 Author: Maxim Uvarov maxim.uvarov@linaro.org Date: Fri Jul 29 17:58:24 2016 +0300
linux-gen: fix possible overflow in pktio ipc code
Add additional check before coping from pointer to array for pool name. In general it should never happen until somebody will corrupt shared memory. https://bugs.linaro.org/show_bug.cgi?id=2424
Signed-off-by: Maxim Uvarov maxim.uvarov@linaro.org Reviewed-by: Bill Fischofer bill.fischofer@linaro.org
diff --git a/platform/linux-generic/pktio/ipc.c b/platform/linux-generic/pktio/ipc.c index f9e7a00..d97e495 100644 --- a/platform/linux-generic/pktio/ipc.c +++ b/platform/linux-generic/pktio/ipc.c @@ -211,6 +211,12 @@ static int _ipc_init_master(pktio_entry_t *pktio_entry, /* Set up pool name for remote info */ pinfo = pktio_entry->s.ipc.pinfo; pool_name = _ipc_odp_buffer_pool_shm_name(pool); + if (strlen(pool_name) > ODP_POOL_NAME_LEN) { + ODP_DBG("pid %d ipc pool name %s is too big %d\n", + getpid(), pool_name, strlen(pool_name)); + goto free_s_prod; + } + memcpy(pinfo->master.pool_name, pool_name, strlen(pool_name)); pinfo->master.shm_pkt_pool_size = pool_entry->s.pool_size; pinfo->master.shm_pool_bufs_num = pool_entry->s.buf_num;
-----------------------------------------------------------------------
Summary of changes: platform/linux-generic/pktio/ipc.c | 6 ++++++ 1 file changed, 6 insertions(+)
hooks/post-receive