Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/94619/?format=api
https://patches.dpdk.org/api/patches/94619/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210621132834.21673-1-ohilyard@iol.unh.edu/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210621132834.21673-1-ohilyard@iol.unh.edu>", "list_archive_url": "https://inbox.dpdk.org/dev/20210621132834.21673-1-ohilyard@iol.unh.edu", "date": "2021-06-21T13:28:34", "name": "[v3] lib/rte_rib6: fix stack buffer overflow", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "6fbfdcaa9c8daef5c3da7f3e6add8a814ff742b0", "submitter": { "id": 1829, "url": "https://patches.dpdk.org/api/people/1829/?format=api", "name": "Owen Hilyard", "email": "ohilyard@iol.unh.edu" }, "delegate": { "id": 24651, "url": "https://patches.dpdk.org/api/users/24651/?format=api", "username": "dmarchand", "first_name": "David", "last_name": "Marchand", "email": "david.marchand@redhat.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210621132834.21673-1-ohilyard@iol.unh.edu/mbox/", "series": [ { "id": 17424, "url": "https://patches.dpdk.org/api/series/17424/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17424", "date": "2021-06-21T13:28:34", "name": "[v3] lib/rte_rib6: fix stack buffer overflow", "version": 3, "mbox": "https://patches.dpdk.org/series/17424/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/94619/comments/", "check": "fail", "checks": "https://patches.dpdk.org/api/patches/94619/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 6E363A0547;\n\tMon, 21 Jun 2021 15:28:47 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 5A43D41199;\n\tMon, 21 Jun 2021 15:28:47 +0200 (CEST)", "from mail-oi1-f227.google.com (mail-oi1-f227.google.com\n [209.85.167.227])\n by mails.dpdk.org (Postfix) with ESMTP id CC0A440040\n for <dev@dpdk.org>; Mon, 21 Jun 2021 15:28:45 +0200 (CEST)", "by mail-oi1-f227.google.com with SMTP id m137so19893284oig.6\n for <dev@dpdk.org>; Mon, 21 Jun 2021 06:28:45 -0700 (PDT)", "from postal.iol.unh.edu (postal.iol.unh.edu. [132.177.123.84])\n by smtp-relay.gmail.com with ESMTPS id y3sm379606oot.7.2021.06.21.06.28.44\n (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);\n Mon, 21 Jun 2021 06:28:44 -0700 (PDT)", "from iol.unh.edu (unknown\n [IPv6:2606:4100:3880:1220:73b3:2227:c156:c558])\n by postal.iol.unh.edu (Postfix) with ESMTP id 4D8DC6052490;\n Mon, 21 Jun 2021 09:28:44 -0400 (EDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu;\n s=unh-iol;\n h=from:to:cc:subject:date:message-id:in-reply-to:references\n :mime-version:content-transfer-encoding;\n bh=alF1gt8BCNesvoTNZomHSxylOaMdkgYvTCWlhtaKopw=;\n b=Dt/Y1JERhnQUjEWt6IrMD2WoQ9yLbpcLiADaD7XDmvIxevIgcrcvBopd0hgU+0PsFU\n jd3R9oJZrA9mTWeZwGSli6Js3xjZ1q6kttAzo8yLsZ9EVdG02T2Xzpb7u0mXPfh2B+Z6\n L1MT58uIfU27Xx2QLYbM5n9CXr2FNwziI2OVI=", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20161025;\n h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n :references:mime-version:content-transfer-encoding;\n bh=alF1gt8BCNesvoTNZomHSxylOaMdkgYvTCWlhtaKopw=;\n b=Jv9KzzQxAvWEz1PGF2mSyYgY6JTXMcIm2oNLpDCvIRd/a5Fvosv3NaOx+CgaihskP8\n 2sXKx3axtOBTdUg5RLVKzPuLZzYUQqVVomp4Zu0vsR2my7CjckAMCFgNi05Za7bs7Bvg\n 5m1d4d5B+ccx++BrkPbCOLgM5qy0XcgRvX19BUWOdQ5+7gJFjmiU32Xd1iz0Bto2pAF6\n VVf8KYvcC6xxd1s4wPurCIdXy4O9lbAfDlDgXxO9MXGu9GDNp70/wBjCG2FZ4XGDibk/\n LnUJSU7nxMbykp8o/HGRTi1LxAQtrpFDAIyVji9wu39XYUR8i9mDtAaNZ6zl4YZVDFHn\n qMSg==", "X-Gm-Message-State": "AOAM531x8DCSsbKZS+tHI7ROCKY6ecKpG8BwFv1ZGF8mALGDQWQf3YIZ\n CNpdBHBU3cKwS7jy9OdSoP9ZluAftP7WF1pHIUSOv/NIkyPQTiaBaOVxM9c9LSyOF7adA7FSN3R\n jagmToMGf6pZwu76h6JZMK9Zp/NCmaAEWTAgVC82mcJa4ZRg3hFbEuEtSG+y+swSFZLY81bJwYA\n ==", "X-Google-Smtp-Source": "\n ABdhPJyFIRVLQN5US91M9xVsiIkg8aKjVjJaCYZZj7YiAXwtA6h/PZpQCvhsV+CXNKaKI811jtCwPt93XtOp", "X-Received": "by 2002:a05:6808:2107:: with SMTP id\n r7mr17435998oiw.64.1624282124910;\n Mon, 21 Jun 2021 06:28:44 -0700 (PDT)", "X-Relaying-Domain": "iol.unh.edu", "From": "ohilyard@iol.unh.edu", "To": "vladimir.medvedkin@intel.com", "Cc": "dev@dpdk.org, stephen@networkplumber.org, david.marchand@redhat.com,\n Owen Hilyard <ohilyard@iol.unh.edu>", "Date": "Mon, 21 Jun 2021 09:28:34 -0400", "Message-Id": "<20210621132834.21673-1-ohilyard@iol.unh.edu>", "X-Mailer": "git-send-email 2.30.2", "In-Reply-To": "<20210616181833.356159-1-ohilyard@iol.unh.edu>", "References": "<20210616181833.356159-1-ohilyard@iol.unh.edu>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[dpdk-dev] [PATCH v3] lib/rte_rib6: fix stack buffer overflow", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Owen Hilyard <ohilyard@iol.unh.edu>\n\nASAN found a stack buffer overflow in lib/rib/rte_rib6.c:get_dir.\nThe fix for the stack buffer overflow was to make sure depth\nwas always < 128, since when depth = 128 it caused the index\ninto the ip address to be 16, which read off the end of the array.\n\nWhile trying to solve the buffer overflow, I noticed that a few\nchanges could be made to remove the for loop entirely.\n\nFixes: f7e861e21c (\"rib: support IPv6\")\n\nSigned-off-by: Owen Hilyard <ohilyard@iol.unh.edu>\n---\n lib/rib/rte_rib6.c | 29 +++++++++++++++++++++--------\n 1 file changed, 21 insertions(+), 8 deletions(-)", "diff": "diff --git a/lib/rib/rte_rib6.c b/lib/rib/rte_rib6.c\nindex f6c55ee45..96424e9c9 100644\n--- a/lib/rib/rte_rib6.c\n+++ b/lib/rib/rte_rib6.c\n@@ -79,20 +79,33 @@ is_covered(const uint8_t ip1[RTE_RIB6_IPV6_ADDR_SIZE],\n static inline int\n get_dir(const uint8_t ip[RTE_RIB6_IPV6_ADDR_SIZE], uint8_t depth)\n {\n-\tint i = 0;\n-\tuint8_t p_depth, msk;\n-\n-\tfor (p_depth = depth; p_depth >= 8; p_depth -= 8)\n-\t\ti++;\n-\n-\tmsk = 1 << (7 - p_depth);\n-\treturn (ip[i] & msk) != 0;\n+\tuint8_t index, msk;\n+\n+\t/*\n+\t * depth & 127 clamps depth to values that will not\n+\t * read off the end of ip.\n+\t * depth is the number of bits deep into ip to traverse, and\n+\t * is incremented in blocks of 8 (1 byte). This means the last\n+\t * 3 bits are irrelevant to what the index of ip should be.\n+\t */\n+\tindex = (depth & (UINT8_MAX - 1)) / CHAR_BIT;\n+\n+\t/*\n+\t * msk is the bitmask used to extract the bit used to decide the\n+\t * direction of the next step of the binary search.\n+\t */\n+\tmsk = 1 << (7 - (depth & 7));\n+\n+\treturn (ip[index] & msk) != 0;\n }\n \n static inline struct rte_rib6_node *\n get_nxt_node(struct rte_rib6_node *node,\n \tconst uint8_t ip[RTE_RIB6_IPV6_ADDR_SIZE])\n {\n+\tif (node->depth == RIB6_MAXDEPTH)\n+\t\treturn NULL;\n+\n \treturn (get_dir(ip, node->depth)) ? node->right : node->left;\n }\n \n", "prefixes": [ "v3" ] }{ "id": 94619, "url": "