GET

Cover Detail

Show a cover letter.

GET /api/covers/49011/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 49011,
    "url": "http://patches.dpdk.org/api/covers/49011/?format=api",
    "web_url": "http://patches.dpdk.org/project/dpdk/cover/20181217155005.13457-1-bruce.richardson@intel.com/",
    "project": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20181217155005.13457-1-bruce.richardson@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20181217155005.13457-1-bruce.richardson@intel.com",
    "date": "2018-12-17T15:50:03",
    "name": "[0/2] prevent out of bounds read with checksum",
    "submitter": {
        "id": 20,
        "url": "http://patches.dpdk.org/api/people/20/?format=api",
        "name": "Bruce Richardson",
        "email": "bruce.richardson@intel.com"
    },
    "mbox": "http://patches.dpdk.org/project/dpdk/cover/20181217155005.13457-1-bruce.richardson@intel.com/mbox/",
    "series": [
        {
            "id": 2835,
            "url": "http://patches.dpdk.org/api/series/2835/?format=api",
            "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=2835",
            "date": "2018-12-17T15:50:03",
            "name": "prevent out of bounds read with checksum",
            "version": 1,
            "mbox": "http://patches.dpdk.org/series/2835/mbox/"
        }
    ],
    "comments": "http://patches.dpdk.org/api/covers/49011/comments/",
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@dpdk.org",
        "Delivered-To": "patchwork@dpdk.org",
        "Received": [
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 756B11B736;\n\tMon, 17 Dec 2018 16:50:38 +0100 (CET)",
            "from mga07.intel.com (mga07.intel.com [134.134.136.100])\n\tby dpdk.org (Postfix) with ESMTP id 96B0D1B6F7\n\tfor <dev@dpdk.org>; Mon, 17 Dec 2018 16:50:36 +0100 (CET)",
            "from fmsmga001.fm.intel.com ([10.253.24.23])\n\tby orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t17 Dec 2018 07:50:19 -0800",
            "from silpixa00399126.ir.intel.com (HELO\n\tsilpixa00399126.ger.corp.intel.com) ([10.237.222.236])\n\tby fmsmga001.fm.intel.com with ESMTP; 17 Dec 2018 07:50:16 -0800"
        ],
        "X-Amp-Result": "SKIPPED(no attachment in message)",
        "X-Amp-File-Uploaded": "False",
        "X-ExtLoop1": "1",
        "X-IronPort-AV": "E=Sophos;i=\"5.56,365,1539673200\"; d=\"scan'208\";a=\"130652856\"",
        "From": "Bruce Richardson <bruce.richardson@intel.com>",
        "To": "Olivier Matz <olivier.matz@6wind.com>,\n\tKeith Wiles <keith.wiles@intel.com>",
        "Cc": "dev@dpdk.org, Bruce Richardson <bruce.richardson@intel.com>,\n\tHemant Agrawal <hemant.agrawal@nxp.com>,\n\tShreyansh Jain <shreyansh.jain@nxp.com>",
        "Date": "Mon, 17 Dec 2018 15:50:03 +0000",
        "Message-Id": "<20181217155005.13457-1-bruce.richardson@intel.com>",
        "X-Mailer": "git-send-email 2.19.2",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[dpdk-dev] [PATCH 0/2] prevent out of bounds read with checksum",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "The functions for checksumming the packet payload don't perform bounds\nchecks, and are used by the TAP driver which does not do any bounds checks\non the incoming packet either. This means a packet received with an\nincorrect IP header can read beyond the end of the mbuf.\n\nIn the worst case, where the length is specified as being smaller than the\nIPv4 header, 32-bit wrap-around on subtraction occurs, meaning that approx\n4GB of memory will be read.\n\nTo fix this, we can introduce a sanity check into the ipv4 function to\nensure that underflow does not occur. Since the checksum function does not\ntake the mbuf length as a parameter, we cannot check for overflow there,\nso we instead perform the checks in the TAP driver directly.\n\nIdeally, in a future release, all checksum functions should be modified to\ntake a max buffer length parameter to fix this issue globally.\n\nNOTE: It appears that the dpaa driver also uses these functions, but from\nwhat I can see there, they are only used on TX, which means that there\nshould be less need for parameter length checking, as the data does not\ncome from an untrusted source. Perhaps maintainers, Hemant and Shreyansh,\ncan confirm?\n\nCC: Hemant Agrawal <hemant.agrawal@nxp.com>\nCC: Shreyansh Jain <shreyansh.jain@nxp.com>\n\nBruce Richardson (2):\n  net: fix underflow for checksum of invalid IPv4 packets\n  net/tap: add buffer overflow checks before checksum\n\n drivers/net/tap/rte_eth_tap.c | 14 ++++++++++++++\n lib/librte_net/rte_ip.h       | 12 ++++++++----\n 2 files changed, 22 insertions(+), 4 deletions(-)"
}