net/enic: fix raw item length check

Message ID 20190409064026.13646-1-hyonkim@cisco.com (mailing list archive)
State Accepted, archived
Delegated to: Ferruh Yigit
Series net/enic: fix raw item length check

Checks

Context                          Check    Description
ci/checkpatch                    warning  coding style issues
ci/Intel-compilation             success  Compilation OK
ci/intel-Performance-Testing     success  Performance Testing PASS
ci/mellanox-Performance-Testing  success  Performance Testing PASS

Commit Message

Hyong Youb Kim (hyonkim) April 9, 2019, 6:40 a.m. UTC
Currently, the raw item is always preceded by a UDP header, and both
land in the L4 pattern buffer. So consider the UDP header size when
checking if the raw spec fits in the L4 buffer.

Coverity issue: 336796
Coverity issue: 336850
Fixes: 477959e6eeb0 ("net/enic: enable limited support for raw flow item")

Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
Reviewed-by: John Daley <johndale@cisco.com>
---
 drivers/net/enic/enic_flow.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
  

Comments

Ferruh Yigit April 11, 2019, 4:44 p.m. UTC | #1
On 4/9/2019 7:40 AM, Hyong Youb Kim wrote:
> Currently, the raw item is always preceded by a UDP header, and both
> land in the L4 pattern buffer. So consider the UDP header size when
> checking if the raw spec fits in the L4 buffer.
> 
> Coverity issue: 336796
> Coverity issue: 336850
> Fixes: 477959e6eeb0 ("net/enic: enable limited support for raw flow item")
> 
> Signed-off-by: Hyong Youb Kim <hyonkim@cisco.com>
> Reviewed-by: John Daley <johndale@cisco.com>

Applied to dpdk-next-net/master, thanks.
  

Patch

diff --git a/drivers/net/enic/enic_flow.c b/drivers/net/enic/enic_flow.c
index 5924a01e3..32ebeff09 100644
--- a/drivers/net/enic/enic_flow.c
+++ b/drivers/net/enic/enic_flow.c
@@ -967,7 +967,8 @@  enic_copy_item_raw_v2(struct copy_item_args *arg)
 	if (!spec->relative || spec->offset != 0 || spec->search || spec->limit)
 		return EINVAL;
 	/* Need non-null pattern that fits within the NIC's filter pattern */
-	if (spec->length == 0 || spec->length > FILTER_GENERIC_1_KEY_LEN ||
+	if (spec->length == 0 ||
+	    spec->length + sizeof(struct udp_hdr) > FILTER_GENERIC_1_KEY_LEN ||
 	    !spec->pattern || !mask->pattern)
 		return EINVAL;
 	/*
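Review bot: the comment above the changed condition in enic_copy_item_raw_v2() still says only that the pattern must fit "within the NIC's filter pattern", while the new spec->length + sizeof(struct udp_hdr) term encodes the assumption that a UDP header shares the L4 buffer with the raw pattern. Please extend the comment to state that the UDP header is counted against FILTER_GENERIC_1_KEY_LEN, so the bound gets revisited if the raw item is ever accepted after a different header. A smaller point on the same line: the sum cannot wrap only if spec->length is narrower than size_t, which is not visible in this hunk; writing the bound as spec->length > FILTER_GENERIC_1_KEY_LEN - sizeof(struct udp_hdr) removes that dependency, provided the key length is at least the header size.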