From patchwork Mon Dec 17 15:50:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 49012 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4A9DD1B8CB; Mon, 17 Dec 2018 16:50:40 +0100 (CET) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id E69671B736; Mon, 17 Dec 2018 16:50:36 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Dec 2018 07:50:29 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,365,1539673200"; d="scan'208";a="130652874" Received: from silpixa00399126.ir.intel.com (HELO silpixa00399126.ger.corp.intel.com) ([10.237.222.236]) by fmsmga001.fm.intel.com with ESMTP; 17 Dec 2018 07:50:27 -0800 From: Bruce Richardson To: Olivier Matz , Keith Wiles Cc: dev@dpdk.org, Bruce Richardson , stable@dpdk.org Date: Mon, 17 Dec 2018 15:50:04 +0000 Message-Id: <20181217155005.13457-2-bruce.richardson@intel.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181217155005.13457-1-bruce.richardson@intel.com> References: <20181217155005.13457-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH 1/2] net: fix underflow for checksum of invalid IPv4 packets X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" If we receive a packet with an invalid IP header, where the total packet length is reported as less than the IP header length, we would end up getting an underflow in the length subtraction. This could cause us to checksum e.g. 4GB of data in the case where the result of the subtraction was -1. We fix this by having the function return 0 - an invalid sum - when the length is less than the header length. CC: stable@dpdk.org Fixes: af75078fece3 ("first public release") Fixes: 6006818cfb26 ("net: new checksum functions") Signed-off-by: Bruce Richardson Acked-by: Hemant Agrawal > Acked-by: Hemant Agrawal Acked-by: Hemant Agrawal > --- lib/librte_net/rte_ip.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h index f2a8904a2..f9b909090 100644 --- a/lib/librte_net/rte_ip.h +++ b/lib/librte_net/rte_ip.h @@ -310,16 +310,20 @@ rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags) * @param l4_hdr * The pointer to the beginning of the L4 header. * @return - * The complemented checksum to set in the IP packet. + * The complemented checksum to set in the IP packet + * or 0 on error */ static inline uint16_t rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr) { uint32_t cksum; - uint32_t l4_len; + uint32_t l3_len, l4_len; + + l3_len = rte_be_to_cpu_16(ipv4_hdr->total_length); + if (l3_len < sizeof(struct ipv4_hdr)) + return 0; - l4_len = (uint32_t)(rte_be_to_cpu_16(ipv4_hdr->total_length) - - sizeof(struct ipv4_hdr)); + l4_len = l3_len - sizeof(struct ipv4_hdr); cksum = rte_raw_cksum(l4_hdr, l4_len); cksum += rte_ipv4_phdr_cksum(ipv4_hdr, 0);